Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.
Sonicwall TZ 105 configuration for Multiple LAN’s
I have a new Sonicwall TZ 105 that I need to configure with multiple LAN’s. This is a continuation of the following question now that I have settled on the Sonicwall for hardware:
http://www.experts-exchange.com/Hardware/Networking_Hardware/Q_28204662.html
I would like some opinions as to whether or not the solution from the above question is the most ideal for the Sonicwall or if there is a better suited solution.
I have spent a considerable amount of time reading through the Administrator’s Guide and watching tutorials so I do have a basic understanding of the device. However, I’m looking for a basic outline of the steps I should take using Sonicwall specific language.
http://www.experts-exchange.com/Hardware/Networking_Hardware/Q_28204662.html
I would like some opinions as to whether or not the solution from the above question is the most ideal for the Sonicwall or if there is a better suited solution.
I have spent a considerable amount of time reading through the Administrator’s Guide and watching tutorials so I do have a basic understanding of the device. However, I’m looking for a basic outline of the steps I should take using Sonicwall specific language.
Who is Participating?
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with Premium.
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
Experts Exchange Solution brought to you by
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trial
Thank you. I will get to trying this as soon as I can- today or tomorrow. I will let you know how it goes.
When I go through the setup that is outlined I don't have any access through the port including pinging(which I assigned) or accessing the WMI.
If I configure the port direclty (no VLan), it works as I would expect. I assume that I am missing a step after configuring the port with the VLan.
If I configure the port direclty (no VLan), it works as I would expect. I assume that I am missing a step after configuring the port with the VLan.
What part are you having problems with exactly?
What is the firmware version you are using?
When I go through the setup that is outlined I don't have any access through the port including pinging(which I assigned) or accessing the WMI.I don't know what this means? Are you talking about the Zone Interface configuration? If so, forget about access...we can assign whatever services you want to run here later after the config is complete.
If I configure the port direclty (no VLan), it works as I would expect. I assume that I am missing a step after configuring the port with the VLan.What do you mean directly...through PortSheilding? If so, you cannot assign a Zone that way...you have to follow the steps how I have laid them out.
What is the firmware version you are using?
I'm sorry for the vague update.
The firmware is SonicOS Enhanced 5.8.1.6-3o.
I had no problem following your directions. Upon completion of the steps 1 & 2, I changed the IP of my PC to match the newly configured interface(X2:V1) and plugged the Ethernet into the it but I could not pass any traffic to/through the Sonicwall. I didn't do step 3, yet.
After that didn't work, I configured a different interface(X3) by clicking on the "Edit" button on the "Interfaces" screen and configured the interface. The difference vs clicking the "Add Interface" button as you instruct is that it does not create a VLan. However, using this configuration I could ping the router, access the WMI and browse the internet.
Am I missing something that needs to be done to the VLan configuration?
The firmware is SonicOS Enhanced 5.8.1.6-3o.
I had no problem following your directions. Upon completion of the steps 1 & 2, I changed the IP of my PC to match the newly configured interface(X2:V1) and plugged the Ethernet into the it but I could not pass any traffic to/through the Sonicwall. I didn't do step 3, yet.
After that didn't work, I configured a different interface(X3) by clicking on the "Edit" button on the "Interfaces" screen and configured the interface. The difference vs clicking the "Add Interface" button as you instruct is that it does not create a VLan. However, using this configuration I could ping the router, access the WMI and browse the internet.
Am I missing something that needs to be done to the VLan configuration?
I see the issue. It should *not* be setup as a VLAN child under X2. It should be defined as X2. Also make sure you have a DHCP scope setup for X2 once you have change it so its a VLAN with no parent assigned to X2. Following my instructions, I'm not sure how you arrived at creating a VLAN under X2.
Let's back up a sec...
Were you able to un-assign X2 from the PortShield Group successfully? If yes, move on to the next question below otherwise, explain what happened.
Were you able to create a Zone (named LAN2 or something else) successfully? If yes, move on to the next question below otherwise, explain what happened.
Were you able to create an Interface successfully? If yes, move on to the next question below otherwise, explain what happened.
If it has failed for whatever reason at the Interface stage, just delete it. Deleting the Interface will not affect the PortShield Group un-assignment or the Zone itself.
Let me know how it goes!
Let's back up a sec...
Were you able to un-assign X2 from the PortShield Group successfully? If yes, move on to the next question below otherwise, explain what happened.
Were you able to create a Zone (named LAN2 or something else) successfully? If yes, move on to the next question below otherwise, explain what happened.
Were you able to create an Interface successfully? If yes, move on to the next question below otherwise, explain what happened.
If it has failed for whatever reason at the Interface stage, just delete it. Deleting the Interface will not affect the PortShield Group un-assignment or the Zone itself.
Let me know how it goes!
I seem to have it working without using VLan's. Can anyone explain to me what the advantage,if any, there is to using VLan's?
I think you might be getting confused on the terminology here and may actually have it setup correctly.
Do me a favor, take a screenshot of your Network > PortShield Groups, Network > Zones & Network > Interfaces pages.
This way I will be able to see what you have configured and if it correct!
P.S. by assigning a second LAN to the port you are creating a VLAN.
Do me a favor, take a screenshot of your Network > PortShield Groups, Network > Zones & Network > Interfaces pages.
This way I will be able to see what you have configured and if it correct!
P.S. by assigning a second LAN to the port you are creating a VLAN.
Here are the screenshots of Interfaces and PortShield Group.
I am assigning each LAN to a distinct port. Let me know if this is way off target.
PortShield-Groups.jpg
Interfaces.jpg
I am assigning each LAN to a distinct port. Let me know if this is way off target.
PortShield-Groups.jpg
Interfaces.jpg
Good Job!
Assuming X2 & X3 are assigned to Engineering & NOC respectfully (or flip flopped)...its PERFECT!
So now you have 1 LAN (X0) and 2 VLANs which are X2 & X3.
Traffic appears to be flowing on both VLANs too.
Let me know if you have any other questions. Thanks!
Assuming X2 & X3 are assigned to Engineering & NOC respectfully (or flip flopped)...its PERFECT!
So now you have 1 LAN (X0) and 2 VLANs which are X2 & X3.
Traffic appears to be flowing on both VLANs too.
Let me know if you have any other questions. Thanks!
Yes, I am able to browse from computers on each segment. I also configured ports on each LAN/VLAN with rules to allow Terminal Services connections and those were successful as well.
Thanks for your help. Now I need to dial in the configuration for the needs of each LAN/VLAN. More questions will probably follow.
Thanks for your help. Now I need to dial in the configuration for the needs of each LAN/VLAN. More questions will probably follow.
Your welcome!
What type of configuration are you looking to do? Are you guys filtering outbound traffic?
How you have it setup is pretty straight forward. All traffic inbound should be blocked and all traffic outbound should be allowed by default. If you don't want each Zone to communicate to each other, I'd lock them down as described in section #3 here: http:#a39496851.
If the questions you have are more complex in nature I'd suggest setting up another question for them. If you let me know the question is I can hop over to it and answer it there.
What type of configuration are you looking to do? Are you guys filtering outbound traffic?
How you have it setup is pretty straight forward. All traffic inbound should be blocked and all traffic outbound should be allowed by default. If you don't want each Zone to communicate to each other, I'd lock them down as described in section #3 here: http:#a39496851.
If the questions you have are more complex in nature I'd suggest setting up another question for them. If you let me know the question is I can hop over to it and answer it there.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware Firewalls
From novice to tech pro — start learning today.
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with Premium.
Start your 7-day free trial.
First off great choice on the TZ 105 - its a great firewall...one of the best in the market for the sizing & price.
So as @aarontomosky said in his post (http:Q_28204662.html#a39386090) put the Comcast modem into "bridge mode".
Then use PortShielding to separate & assign the ports to each subnet and zone respectively.
Here's how you do it:
Your Default PortShielding setup should be: X0 (LAN), X1 (WAN), X2-4 (LAN), W0 (WiFi (if available)). So we are going to utilize X2 as your new LAN2 or whatever you are going to call it.
Login to the SonicWALL.
1. Unassign a PortShield Group
2. Setup a New Interface
Now you have create a separate subnet and zone which are assigned to the X2 port. To protect the Zone & lock down the traffic to the Zone follow the steps below.
3. Lock Down Zones
Do the same for the LAN2 > LAN Access Rule. This will deny all traffic from LAN > LAN2 and LAN2 > LAN.
Let me know if you have any questions!