Solved

Sonicwall NSA 2400 Portshield

Posted on 2014-01-10
Last Modified: 2014-12-16
What happened to Portshield? We use the TZ series primarily, but recently purchased an NSA 2400 for our office. I need ports X2-X5 to be a separate LAN2 with a separate IP range. I do not want to use another switch to connect 3-4 servers together and then go through X2. I want to plug each server into X2, X3, X4 and X5, have them all be able to see each other, but NOT the LAN, and use the same gateway such as 192.168.50.1. Possible?
Question by:CUBLA1
5 Comments
 

Author Comment

by:CUBLA1
ID: 39772647
Ok the last part was confusing. I meant, they all need to share their own gateway 192.168.50.1 that is separate from the LAN. LAN gateway is 192.168.1.1 and LAN2 gateway will be 192.168.50.1. I cannot bridge more than two ports. Portshield seems to be gone. So how do I add member interfaces together to create a LAN2 off the sonicwall directly? This used to be easy!
 
LVL 10

Accepted Solution

by:
convergint earned 250 total points
ID: 39772969
There is no portshield on the NSA 2400 unfortunately and Sonicwall says that if you need more than two bridged interfaces you need to use transparent mode.  The stupid thing is that transparent mode is only for WAN bridging to the LAN subnets.  I might be missing something but it doesn't look like that will work in your case.  You could try configuring 192.168.50.1 to be a WAN port on X2 and then enable transparent mode on the rest of the interfaces.  In theory it should work but you would also need to open or disable the firewall on that X2 port to make it behave like a LAN port instead of a WAN port.  The transparent mode guide is here: http://kb.guru-corner.com/question.php?ID=297

However, you might be able to do this with routes and assigning each LAN2 port a static ip with a subnet mask of 30.  It is not pretty and I have no idea if it will actually work until you test it.

For example, you could assign the following:

X0 - LAN Zone - 192.168.1.1/24
X1 - WAN Zone
X2 - LAN2 Zone - 192.168.50.1/30 - assign server1 to ip address 192.168.50.2
X3 - LAN2 Zone - 192.168.50.5/30 - assign server2 to ip address 192.168.50.6
X4 - LAN2 Zone - 192.168.50.9/30 - assign server3 to ip address 192.168.50.10
X5 - LAN2 Zone - 192.168.50.13/30 - assign server4 to ip address 192.168.50.14

Then create new routes for X3, X4 and X5 to reach X2.

For example,
Source - X3 Subnet, Destination - X2 IP, Service - Any, Gateway - X2 IP, Interface - X2
Source - X4 Subnet, Destination - X2 IP, Service - Any, Gateway - X2 IP, Interface - X2
Source - X5 Subnet, Destination - X2 IP, Service - Any, Gateway - X2 IP, Interface - X2

It really seems silly that a simple thing like bridging more than two ports is not allowed and as far as I can tell there's no easy way like portshields/vlans on the NSA 2400.
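The /30 plan in the accepted answer can be checked before it is typed into the firewall. The following is an added example, not code from the thread or from SonicWall: it validates the addresses listed above and shows that each server ends up on its own subnet, so its default gateway is the address of the port it is plugged into and server-to-server traffic is routed by the firewall. The function and variable names are illustrative.

```python
import ipaddress

# LAN on X0, taken from the answer (192.168.1.1/24).
LAN = ipaddress.ip_network("192.168.1.0/24")

# (port, firewall port address, server address) exactly as listed in the answer.
PLAN = [
    ("X2", "192.168.50.1/30", "192.168.50.2"),
    ("X3", "192.168.50.5/30", "192.168.50.6"),
    ("X4", "192.168.50.9/30", "192.168.50.10"),
    ("X5", "192.168.50.13/30", "192.168.50.14"),
]

def check_plan(plan, lan=LAN):
    """Return (rows, problems) for a per-port point-to-point subnet plan."""
    rows, problems, seen = [], [], []
    for port, fw_cidr, server in plan:
        iface = ipaddress.ip_interface(fw_cidr)
        net = iface.network
        srv = ipaddress.ip_address(server)
        usable = set(net.hosts())  # excludes network and broadcast on a /30
        if iface.ip not in usable:
            problems.append(f"{port}: {iface.ip} is not a usable host in {net}")
        if srv not in usable:
            problems.append(f"{port}: server {srv} is not a usable host in {net}")
        if srv == iface.ip:
            problems.append(f"{port}: server and firewall share {srv}")
        if net.overlaps(lan):
            problems.append(f"{port}: {net} overlaps the LAN {lan}")
        for other_port, other_net in seen:
            if net.overlaps(other_net):
                problems.append(f"{port}: {net} overlaps {other_port} ({other_net})")
        seen.append((port, net))
        # The server's default gateway is the firewall address on its own port.
        rows.append({"port": port, "subnet": str(net),
                     "server": str(srv), "gateway": str(iface.ip)})
    return rows, problems

def same_segment(rows, server_a, server_b):
    """True if two servers share a subnet and could talk without being routed."""
    subnet_of = {r["server"]: r["subnet"] for r in rows}
    return subnet_of[server_a] == subnet_of[server_b]

if __name__ == "__main__":
    rows, problems = check_plan(PLAN)
    for r in rows:
        print(f'{r["port"]}: {r["subnet"]:<18} server {r["server"]:<14} gw {r["gateway"]}')
    print("problems:", problems or "none")
```
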
 

Author Comment

by:CUBLA1
ID: 39772978
I agree with everything you wrote and had pretty much come to the same solution / conclusion. I find it dirty and unnecessarily complicated. Why in the world would they take something so simple away? It works great on the TZ series! I see on the NSA it still has the column for "members" yet doesn't allow you to actually assign members to zones?? I would love to know their reasoning behind removing this option for this model. Is this all NSA's? For a firewall that is three times the cost of a TZ you would think it would protect against STD's!! Never would I have thought it wouldn't provide a service already being offered with lesser models. I must say I've been using Sonicwall for 20 years and this is the first time I'm actually disappointed. I'll wait a day or so before awarding points just to make sure someone doesn't come along smarter than the two of us. Anybody?  By the way, I have a few clients using NSA 240's and they have the Portshield option. Older model? Firmware fubar?
 
LVL 10

Expert Comment

by:convergint
ID: 39772993
I've been using them for over 7 years and still love them but I'm lucky in that I have layer 3 Procurve switches behind the Sonicwall where I can do whatever I want.

It looks like more of a marketing decision in that they probably feel that anyone able to purchase an NSA 2400 and higher would be an enterprise client and would typically have L3 switches at their disposal.  To be honest, I really miss our Pro 1260s, they were perfect for our smaller offices with the 24 LAN ports that could be portshielded.
 
LVL 25

Expert Comment

by:Diverse IT
ID: 40504239
Just an FYI... PortShielding Groups exist!!! Several months back SonicWALL released PortShielding in their 6.1 SonicOS leg for NSA appliances plus a bunch of other cool items like Switching, VLAN trunking, L2 Discovery, Link Aggregation and Port Mirroring to name a few...!


Question has a verified solution.
