Solved

Sonicwall NSA 2400 Portshield

Posted on 2014-01-10
Last Modified: 2014-12-16
What happened to Portshield? We use the TZ series primarily, but recently purchased an NSA 2400 for our office. I need ports X2-X5 to be a separate LAN2 with a separate IP range. I do not want to use another switch to connect 3-4 servers together and then go through X2. I want to plug each server into X2, X3, X4 and X5, have them all be able to see each other, but NOT the LAN, and use the same gateway such as 192.168.50.1. Possible?
Question by:CUBLA1
5 Comments
 

Author Comment

by:CUBLA1
ID: 39772647
Ok the last part was confusing. I meant, they all need to share their own gateway 192.168.50.1 that is separate from the LAN. LAN gateway is 192.168.1.1 and LAN2 gateway will be 192.168.50.1. I cannot bridge more than two ports. Portshield seems to be gone. So how do I add member interfaces together to create a LAN2 off the Sonicwall directly? This used to be easy!
 
LVL 10

Accepted Solution

by:convergint (earned 250 total points)
ID: 39772969
There is no portshield on the NSA 2400 unfortunately and Sonicwall says that if you need more than two bridged interfaces you need to use transparent mode.  The stupid thing is that transparent mode is only for WAN bridging to the LAN subnets.  I might be missing something but it doesn't look like that will work in your case.  You could try configuring 192.168.50.1 to be a WAN port on X2 and then enable transparent mode on the rest of the interfaces.  In theory it should work but you would also need to open or disable the firewall on that X2 port to make it behave like a LAN port instead of a WAN port.  The transparent mode guide is here: http://kb.guru-corner.com/question.php?ID=297

However, you might be able to do this with routes and assigning each LAN2 port a static ip with a subnet mask of 30.  It is not pretty and I have no idea if it will actually work until you test it.

For example, you could assign the following:

X0 - LAN Zone - 192.168.1.1/24
X1 - WAN Zone
X2 - LAN2 Zone - 192.168.50.1/30 - assign server1 to ip address 192.168.50.2
X3 - LAN2 Zone - 192.168.50.5/30 - assign server2 to ip address 192.168.50.6
X4 - LAN2 Zone - 192.168.50.9/30 - assign server3 to ip address 192.168.50.10
X5 - LAN2 Zone - 192.168.50.13/30 - assign server4 to ip address 192.168.50.14

Then create new routes for X3, X4 and X5 to reach X2.

For example,
Source - X3 Subnet, Destination - X2 IP, Service - Any, Gateway - X2 IP, Interface - X2
Source - X4 Subnet, Destination - X2 IP, Service - Any, Gateway - X2 IP, Interface - X2
Source - X5 Subnet, Destination - X2 IP, Service - Any, Gateway - X2 IP, Interface - X2

It really seems silly that a simple thing like bridging more than two ports is not allowed and as far as I can tell there's no easy way like portshields/VLANs on the NSA 2400.
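An added example, not part of the original answer: a Python check of the per-port /30 plan listed above, using only the addresses given in the thread. The names `PLAN`, `check_plan` and `on_link` are made up for this illustration. It shows that each server gets its own gateway address and that no two servers are on-link, so server-to-server traffic is routed through the firewall rather than switched.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")  # X0 subnet from the thread
PLAN = {  # interface: (firewall interface address, server address), from the answer
    "X2": ("192.168.50.1/30", "192.168.50.2"),
    "X3": ("192.168.50.5/30", "192.168.50.6"),
    "X4": ("192.168.50.9/30", "192.168.50.10"),
    "X5": ("192.168.50.13/30", "192.168.50.14"),
}

def check_plan(plan, lan):
    """Validate a per-port /30 plan; return (problems, summary)."""
    problems, summary, seen = [], {}, []
    for port, (fw_cidr, server) in plan.items():
        fw = ipaddress.ip_interface(fw_cidr)
        srv = ipaddress.ip_address(server)
        net = fw.network
        hosts = list(net.hosts())  # a /30 has exactly two usable addresses
        if fw.ip not in hosts:
            problems.append(f"{port}: {fw.ip} is the network or broadcast address of {net}")
        if srv not in hosts or srv == fw.ip:
            problems.append(f"{port}: server {srv} is not the other usable host in {net}")
        if net.overlaps(lan):
            problems.append(f"{port}: {net} overlaps the LAN {lan}")
        for other_port, other_net in seen:
            if net.overlaps(other_net):
                problems.append(f"{port}: {net} overlaps {other_port} ({other_net})")
        seen.append((port, net))
        summary[port] = {"network": str(net), "gateway": str(fw.ip), "server": str(srv)}
    return problems, summary

def on_link(plan, a, b):
    """True if the server on port a would treat the server on port b as directly connected."""
    net_a = ipaddress.ip_interface(plan[a][0]).network
    return ipaddress.ip_address(plan[b][1]) in net_a

if __name__ == "__main__":
    problems, summary = check_plan(PLAN, LAN)
    for port, row in summary.items():
        print(port, row["network"], "gateway", row["gateway"], "server", row["server"])
    print("problems:", problems or "none")
    # Different /30s: the servers reach each other only via the firewall's routing.
    print("server1 and server2 on-link:", on_link(PLAN, "X2", "X3"))
```
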
 

Author Comment

by:CUBLA1
ID: 39772978
I agree with everything you wrote and had pretty much come to the same solution / conclusion. I find it dirty and unnecessarily complicated. Why in the world would they take something so simple away? It works great on the TZ series! I see on the NSA it still has the column for "members" yet doesn't allow you to actually assign members to zones?? I would love to know their reasoning behind removing this option for this model. Is this all NSA's? For a firewall that is three times the cost of a TZ you would think it would protect against STD's!! Never would I have thought it wouldn't provide a service already being offered with lesser models. I must say I've been using Sonicwall for 20 years and this is the first time I'm actually disappointed. I'll wait a day or so before awarding points just to make sure someone doesn't come along smarter than the two of us. Anybody?  By the way, I have a few clients using NSA 240's and they have the Portshield option. Older model? Firmware fubar?
 
LVL 10

Expert Comment

by:convergint
ID: 39772993
I've been using them for over 7 years and still love them but I'm lucky in that I have layer 3 Procurve switches behind the Sonicwall where I can do whatever I want.

It looks like more of a marketing decision in that they probably feel that anyone able to purchase an NSA 2400 and higher would be an enterprise client and would typically have L3 switches at their disposal. To be honest, I really miss our Pro 1260s, they were perfect for our smaller offices with the 24 LAN ports that could be portshielded.
 
LVL 24

Expert Comment

by:diverseit
ID: 40504239
Just an FYI... PortShielding Groups exist!!! Several months back SonicWALL released PortShielding in their 6.1 SonicOS leg for NSA appliances plus a bunch of other cool items like Switching, VLAN trunking, L2 Discovery, Link Aggregation and Port Mirroring to name a few...!