Sonicwall NSA 2400 Portshield

What happened to Portshield? We use the TZ series primarily, but recently purchased an NSA 2400 for our office. I need ports X2-X5 to be a separate LAN2 with a separate IP range. I do not want to use another switch to connect 3-4 servers together and then go through X2. I want to plug each server into X2, X3, X4 and X5, they all be able to see each other, but NOT the LAN and use the same gateway such as Possible?
convergint Commented:
There is no portshield on the NSA 2400 unfortunately and Sonicwall says that if you need more than two bridged interfaces you need to use transparent mode.  The stupid thing is that transparent mode is only for WAN bridging to the LAN subnets.  I might be missing something but it doesn't look like that will work in your case.  You could try configuring to be a WAN port on X2 and then enable transparent mode on the rest of the interfaces.  In theory it should work but you would also need to open or disable the firewall on that X2 port to make it behave like a LAN port instead of a WAN port.  The transparent mode guide is here:

However, you might be able to do this with routes and assigning each LAN2 port a static ip with a subnet mask of 30.  It is not pretty and I have no idea if it will actually work until you test it.

For example, you could assign the following:

X0 - LAN Zone -
X1 - WAN Zone
X2 - LAN2 Zone - - assign server1 to ip address
X3 - LAN2 Zone - - assign server2 to ip address
X4 - LAN2 Zone - - assign server3 to ip address
X5 - LAN2 Zone - - assign server4 to ip address

Then create new routes for X3, X4 and X5 to reach X2.

For example,
Source - X3 Subnet, Destination - X2 IP, Service - Any, Gateway - X2 IP, Interface - X2
Source - X4 Subnet, Destination - X2 IP, Service - Any, Gateway - X2 IP, Interface - X2
Source - X5 Subnet, Destination - X2 IP, Service - Any, Gateway - X2 IP, Interface - X2

It really seems silly that a simple thing like bridging more than two ports is not allowed and as far as I can tell there's no easy way like portshields/vlans on the NSA 2400.
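The /30-per-port idea in the comment above, worked through as an added example (not code from the thread or from SonicWall). It carves one /30 per interface and shows that the servers end up on different segments, so server-to-server traffic is routed through the firewall instead of being switched. The 192.0.2.0/28 range and all function names are assumptions, since the thread's real addresses are not shown.

```python
import ipaddress

def plan_lan2(parent_cidr, ports):
    """Carve one /30 per firewall port out of parent_cidr.

    A /30 has exactly two usable addresses: the first is given to the
    firewall interface (the server's gateway), the second to the server.
    """
    parent = ipaddress.ip_network(parent_cidr)
    subnets = parent.subnets(new_prefix=30)
    plan = {}
    for port in ports:
        try:
            net = next(subnets)
        except StopIteration:
            raise ValueError(
                f"{parent_cidr} cannot hold {len(ports)} /30 subnets")
        fw_ip, server_ip = list(net.hosts())
        plan[port] = {"subnet": net, "firewall_ip": fw_ip,
                      "server_ip": server_ip}
    return plan

def same_segment(plan, port_a, port_b):
    """True only if the server on port_b is on-link for the server on port_a."""
    return plan[port_b]["server_ip"] in plan[port_a]["subnet"]

def next_hop(plan, src_port, dst_port):
    """Address the source server hands its packets to for the destination server."""
    if same_segment(plan, src_port, dst_port):
        return plan[dst_port]["server_ip"]   # direct, layer 2
    return plan[src_port]["firewall_ip"]     # routed via the firewall

if __name__ == "__main__":
    # Constructed sample range (documentation prefix), not the poster's network.
    plan = plan_lan2("192.0.2.0/28", ["X2", "X3", "X4", "X5"])
    for port, p in plan.items():
        print(port, p["subnet"], "gw", p["firewall_ip"], "server", p["server_ip"])
    print("X3 -> X2 next hop:", next_hop(plan, "X3", "X2"))
```

Each server gets its own gateway address under this layout, and every flow between two servers crosses the firewall, where routes and access rules decide whether it passes.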
CUBLA1 (Author) Commented:
Ok the last part was confusing. I meant, they all need to share their own gateway that is separate from the LAN. LAN gateway is and LAN2 gateway will be I cannot bridge more than two ports. Portshield seems to be gone. So how do I add member interfaces together to create a LAN2 off the sonicwall directly? This used to be easy!
CUBLA1 (Author) Commented:
I agree with everything you wrote and had pretty much come to the same solution / conclusion. I find it dirty and unnecessarily complicated. Why in the world would they take something so simple away? It works great on the TZ series! I see on the NSA it still has the column for "members" yet doesn't allow you to actually assign members to zones?? I would love to know their reasoning behind removing this option for this model. Is this all NSA's? For a firewall that is three times the cost of a TZ you would think it would protect against STD's!! Never would I have thought it wouldn't provide a service already being offered with lesser models. I must say I've been using Sonicwall for 20 years and this is the first time I'm actually disappointed. I'll wait a day or so before awarding points just to make sure someone doesn't come along smarter than the two of us. Anybody?  By the way, I have a few clients using NSA 240's and they have the Portshield option. Older model? Firmware fubar?
I've been using them for over 7 years and still love them but I'm lucky in that I have layer 3 Procurve switches behind the Sonicwall where I can do whatever I want.

It looks like more of a marketing decision in that they probably feel that anyone able to purchase a NSA 2400 and higher would be an enterprise client and would typically have L3 switches at their disposal.  To be honest, I really miss our Pro 1260s, they were perfect for our smaller offices with the 24 LAN ports that could be portshielded.
Blue Street Tech (Last Knights) Commented:
Just an FYI... PortShielding Groups exists!!! Several months back SonicWALL released PortShielding in their 6.1 SonicOS leg for NSA appliances plus a bunch of other cool items like Switching, VLAN trunking, L2 Discovery, Link Aggregation and Port Mirroring to name a few...!
Question has a verified solution.