asked on Sonicwall TZ 105 configuration for Multiple LAN’s
I have a new Sonicwall TZ 105 that I need to configure with multiple LAN’s. This is a continuation of the following question now that I have settled on the Sonicwall for hardware:
https://www.experts-exchange.com/Hardware/Networking_Hardware/Q_28204662.html
I would like some opinions as to whether or not the solution from the above question is the most ideal for the Sonicwall or if there is a better suited solution.
I have spent a considerable amount of time reading through the Administrator’s Guide and watching tutorials so I do have a basic understanding of the device. However, I’m looking for a basic outline of the steps I should take using Sonicwall specific language.
https://www.experts-exchange.com/Hardware/Networking_Hardware/Q_28204662.html
I would like some opinions as to whether or not the solution from the above question is the most ideal for the Sonicwall or if there is a better suited solution.
I have spent a considerable amount of time reading through the Administrator’s Guide and watching tutorials so I do have a basic understanding of the device. However, I’m looking for a basic outline of the steps I should take using Sonicwall specific language.
Hardware FirewallsNetworkingRoutersNetworking Hardware-OtherNetwork Security
Last Comment
Blue Street Tech
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Thank you. I will get to trying this as soon as I can- today or tomorrow. I will let you know how it goes.
ASKER
When I go through the setup that is outlined I don't have any access through the port including pinging(which I assigned) or accessing the WMI.
If I configure the port direclty (no VLan), it works as I would expect. I assume that I am missing a step after configuring the port with the VLan.
If I configure the port direclty (no VLan), it works as I would expect. I assume that I am missing a step after configuring the port with the VLan.
What part are you having problems with exactly?
What is the firmware version you are using?
When I go through the setup that is outlined I don't have any access through the port including pinging(which I assigned) or accessing the WMI.I don't know what this means? Are you talking about the Zone Interface configuration? If so, forget about access...we can assign whatever services you want to run here later after the config is complete.
If I configure the port direclty (no VLan), it works as I would expect. I assume that I am missing a step after configuring the port with the VLan.What do you mean directly...through PortSheilding? If so, you cannot assign a Zone that way...you have to follow the steps how I have laid them out.
What is the firmware version you are using?
ASKER
I'm sorry for the vague update.
The firmware is SonicOS Enhanced 5.8.1.6-3o.
I had no problem following your directions. Upon completion of the steps 1 & 2, I changed the IP of my PC to match the newly configured interface(X2:V1) and plugged the Ethernet into the it but I could not pass any traffic to/through the Sonicwall. I didn't do step 3, yet.
After that didn't work, I configured a different interface(X3) by clicking on the "Edit" button on the "Interfaces" screen and configured the interface. The difference vs clicking the "Add Interface" button as you instruct is that it does not create a VLan. However, using this configuration I could ping the router, access the WMI and browse the internet.
Am I missing something that needs to be done to the VLan configuration?
The firmware is SonicOS Enhanced 5.8.1.6-3o.
I had no problem following your directions. Upon completion of the steps 1 & 2, I changed the IP of my PC to match the newly configured interface(X2:V1) and plugged the Ethernet into the it but I could not pass any traffic to/through the Sonicwall. I didn't do step 3, yet.
After that didn't work, I configured a different interface(X3) by clicking on the "Edit" button on the "Interfaces" screen and configured the interface. The difference vs clicking the "Add Interface" button as you instruct is that it does not create a VLan. However, using this configuration I could ping the router, access the WMI and browse the internet.
Am I missing something that needs to be done to the VLan configuration?
I see the issue. It should *not* be setup as a VLAN child under X2. It should be defined as X2. Also make sure you have a DHCP scope setup for X2 once you have change it so its a VLAN with no parent assigned to X2. Following my instructions, I'm not sure how you arrived at creating a VLAN under X2.
Let's back up a sec...
Were you able to un-assign X2 from the PortShield Group successfully? If yes, move on to the next question below otherwise, explain what happened.
Were you able to create a Zone (named LAN2 or something else) successfully? If yes, move on to the next question below otherwise, explain what happened.
Were you able to create an Interface successfully? If yes, move on to the next question below otherwise, explain what happened.
If it has failed for whatever reason at the Interface stage, just delete it. Deleting the Interface will not affect the PortShield Group un-assignment or the Zone itself.
Let me know how it goes!
Let's back up a sec...
Were you able to un-assign X2 from the PortShield Group successfully? If yes, move on to the next question below otherwise, explain what happened.
Were you able to create a Zone (named LAN2 or something else) successfully? If yes, move on to the next question below otherwise, explain what happened.
Were you able to create an Interface successfully? If yes, move on to the next question below otherwise, explain what happened.
If it has failed for whatever reason at the Interface stage, just delete it. Deleting the Interface will not affect the PortShield Group un-assignment or the Zone itself.
Let me know how it goes!
ASKER
I seem to have it working without using VLan's. Can anyone explain to me what the advantage,if any, there is to using VLan's?
I think you might be getting confused on the terminology here and may actually have it setup correctly.
Do me a favor, take a screenshot of your Network > PortShield Groups, Network > Zones & Network > Interfaces pages.
This way I will be able to see what you have configured and if it correct!
P.S. by assigning a second LAN to the port you are creating a VLAN.
Do me a favor, take a screenshot of your Network > PortShield Groups, Network > Zones & Network > Interfaces pages.
This way I will be able to see what you have configured and if it correct!
P.S. by assigning a second LAN to the port you are creating a VLAN.
ASKER
Here are the screenshots of Interfaces and PortShield Group.
I am assigning each LAN to a distinct port. Let me know if this is way off target.
PortShield-Groups.jpg
Interfaces.jpg
I am assigning each LAN to a distinct port. Let me know if this is way off target.
PortShield-Groups.jpg
Interfaces.jpg
Good Job!
Assuming X2 & X3 are assigned to Engineering & NOC respectfully (or flip flopped)...its PERFECT!
So now you have 1 LAN (X0) and 2 VLANs which are X2 & X3.
Traffic appears to be flowing on both VLANs too.
Let me know if you have any other questions. Thanks!
Assuming X2 & X3 are assigned to Engineering & NOC respectfully (or flip flopped)...its PERFECT!
So now you have 1 LAN (X0) and 2 VLANs which are X2 & X3.
Traffic appears to be flowing on both VLANs too.
Let me know if you have any other questions. Thanks!
ASKER
Yes, I am able to browse from computers on each segment. I also configured ports on each LAN/VLAN with rules to allow Terminal Services connections and those were successful as well.
Thanks for your help. Now I need to dial in the configuration for the needs of each LAN/VLAN. More questions will probably follow.
Thanks for your help. Now I need to dial in the configuration for the needs of each LAN/VLAN. More questions will probably follow.
Your welcome!
What type of configuration are you looking to do? Are you guys filtering outbound traffic?
How you have it setup is pretty straight forward. All traffic inbound should be blocked and all traffic outbound should be allowed by default. If you don't want each Zone to communicate to each other, I'd lock them down as described in section #3 here: http:#a39496851.
If the questions you have are more complex in nature I'd suggest setting up another question for them. If you let me know the question is I can hop over to it and answer it there.
What type of configuration are you looking to do? Are you guys filtering outbound traffic?
How you have it setup is pretty straight forward. All traffic inbound should be blocked and all traffic outbound should be allowed by default. If you don't want each Zone to communicate to each other, I'd lock them down as described in section #3 here: http:#a39496851.
If the questions you have are more complex in nature I'd suggest setting up another question for them. If you let me know the question is I can hop over to it and answer it there.
ASKER
Thanks again for all your help.
Your welcome...my pleasure! I'm glad I could help and thanks for the points.