Solved

Setting up multiple DSL connections on SonicWall NSA250M

Posted on 2013-06-15
8
259 Views
Last Modified: 2014-09-04
Hi there, I am hoping somebody can help me. I have a SonicWall NSA250M and have recently acquired a second DSL line (our connection speed is poor). I have managed to add the new connection as the X3 interface and added it to the load balancing (round robin) group.

We can see the increased performance when browsing the net but I have a problem; when the second line is connected we lose the ability to send emails - is this an access group/routing issue? Also, if I go to a web browser and check my ip, I get both external ip's - this is not in itself a problem, but can I stop the second line broadcasting its ip?

Hope you can help.

Thanks

James
0
Comment
Question by:ilikeulike
  • 4
  • 2
  • 2
8 Comments
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 500 total points
ID: 39251934
Not sure what you mean by "broadcasting its ip".

However, when you go out the 2nd link, your firewell will NAT/PAT the IP address provided by your 2nd ISP.  So whenever you go out the 2nd link, you have your 2nd ISP's IP address.  Nothing you can do about this, because that is how it works.

As for sending e-mail.  It it all e-mail or just some e-mail?  I would expect  that you may have problems sometimes when your SMTP server tries to go out the second link.  The receiving side will see your domain/host name coming from your 2nd ISP's address.  If it does a forward lookup for your host/domain name it will not match.  Some SMTP servers will reject e-mail when this happens.
0
 

Author Comment

by:ilikeulike
ID: 39252975
hi there, you are correct, it is not all email, just email that presumably tries to go out on the X3 interface. This is when we get the error 550 relaying message.  Can i set up a rule to force email to use the original interface?

Thanks

James
0
 
LVL 57

Expert Comment

by:giltjr
ID: 39254441
Not really familiar with SonicWall, I look at the doc but you should be able to.
0
 
LVL 38

Expert Comment

by:Aaron Tomosky
ID: 39254938
It's probably the common https doesn't work with round robin load balancing. You either have to choose a percent mode or make rules to push all https traffic through one interface.
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 57

Expert Comment

by:giltjr
ID: 39256611
What does https have to do with SMTP traffic?

Anyhow.

It looks like Sonicwall support route policies.  So you can setup a route policy so that traffic from your SMTP server is forced out a specific interface.  You can either do all traffic from your SMTP server, or just port 25 traffic.

Example of screen shot is here:

http://www.mojocode.com/content/isolating-load-balanced-connection-sonicwall
0
 
LVL 38

Expert Comment

by:Aaron Tomosky
ID: 39256643
Smtp is frequently done using ssl on port 587. So it's the same problem as https.
0
 
LVL 57

Accepted Solution

by:
giltjr earned 500 total points
ID: 39257385
Well yes, but in this case I doubt it.

When one SMTP server sends e-mail to another SMTP server it uses port 25 clear text.

Port 587 can be used by an e-mail client to send e-mail to its SMTP server using SSL.

I am making the assumption ilikeulike's problem deals SMTP server to SMTP server communications.

Although it is possible that ilikeulike hosts their SMTP server external to his company and their e-mail clients use 587 and SSL to communicate with it.

In which case the route policy would need to include all IP addresses trying to communicate to port 587.
0
 

Author Comment

by:ilikeulike
ID: 39258484
Hi guys, thanks for the great discussion. I will check out the routing rules today. To clarify, we have our Exchange server on our local network.
Thanks

James
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
The use of stolen credentials is a hot commodity this year allowing threat actors to move laterally within the network in order to avoid breach detection.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now