Solved

Sonicwall NSA 2400 Portshield

Posted on 2014-01-10
5
2,717 Views
Last Modified: 2014-12-16
What happened to Portshield? We use the TZ series primarily, but recently purchased an NSA 2400 for our office. I need ports X2-X5 to be a separate LAN2 with a separate IP range. I do not want to use another switch to connect 3-4 servers together and then go through X2. I want to plug each server into X2, X3, X4 and X5, have them all be able to see each other but NOT the LAN, and use the same gateway such as 192.168.50.1. Possible?
0
Question by:CUBLA1
5 Comments
 

Author Comment

by:CUBLA1
ID: 39772647
Ok, the last part was confusing. I meant they all need to share their own gateway, 192.168.50.1, that is separate from the LAN. The LAN gateway is 192.168.1.1 and the LAN2 gateway will be 192.168.50.1. I cannot bridge more than two ports. Portshield seems to be gone. So how do I add member interfaces together to create a LAN2 off the SonicWALL directly? This used to be easy!
0
 
LVL 10

Accepted Solution

by:
convergint earned 250 total points
ID: 39772969
There is no portshield on the NSA 2400 unfortunately and Sonicwall says that if you need more than two bridged interfaces you need to use transparent mode.  The stupid thing is that transparent mode is only for WAN bridging to the LAN subnets.  I might be missing something but it doesn't look like that will work in your case.  You could try configuring 192.168.50.1 to be a WAN port on X2 and then enable transparent mode on the rest of the interfaces.  In theory it should work but you would also need to open or disable the firewall on that X2 port to make it behave like a LAN port instead of a WAN port.  The transparent mode guide is here: http://kb.guru-corner.com/question.php?ID=297

However, you might be able to do this with routes and assigning each LAN2 port a static ip with a subnet mask of 30.  It is not pretty and I have no idea if it will actually work until you test it.

For example, you could assign the following:

X0 - LAN Zone - 192.168.1.1/24
X1 - WAN Zone
X2 - LAN2 Zone - 192.168.50.1/30 - assign server1 to ip address 192.168.50.2
X3 - LAN2 Zone - 192.168.50.5/30 - assign server2 to ip address 192.168.50.6
X4 - LAN2 Zone - 192.168.50.9/30 - assign server3 to ip address 192.168.50.10
X5 - LAN2 Zone - 192.168.50.13/30 - assign server4 to ip address 192.168.50.14

Then create new routes for X3, X4 and X5 to reach X2.

For example,
Source - X3 Subnet, Destination - X2 IP, Service - Any, Gateway - X2 IP, Interface - X2
Source - X4 Subnet, Destination - X2 IP, Service - Any, Gateway - X2 IP, Interface - X2
Source - X5 Subnet, Destination - X2 IP, Service - Any, Gateway - X2 IP, Interface - X2

It really seems silly that a simple thing like bridging more than two ports is not allowed, and as far as I can tell there's no easy way like portshields/VLANs on the NSA 2400.
0
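An added example (not code from this thread or from SonicWALL) that lays out the per-port /30 plan from the accepted answer and resolves which firewall interface a packet to a given server would leave on; the function names and the "first usable = gateway, second usable = server" convention are this example's assumptions. It also checks the LAN2 /30s never overlap the 192.168.1.0/24 LAN, which is what keeps the two networks apart at the firewall:

```python
import ipaddress
from typing import Dict, List, Optional

def plan_lan2(base: str, ifaces: List[str]) -> List[Dict[str, str]]:
    """Carve one /30 per interface out of `base` (constructed plan, not a
    SonicOS API). The firewall takes the first usable address of each /30 as
    the gateway and the attached server takes the second, as in the answer."""
    net = ipaddress.ip_network(base)
    plan = []
    for iface, sub in zip(ifaces, net.subnets(new_prefix=30)):
        gw, host = list(sub.hosts())  # a /30 has exactly two usable addresses
        plan.append({"iface": iface, "subnet": str(sub),
                     "gateway": str(gw), "host": str(host)})
    return plan

def egress_interface(dst: str, plan: List[Dict[str, str]]) -> Optional[str]:
    """Longest-prefix match of `dst` against the connected /30s. Returns None
    when the destination is on none of them, i.e. it would fall through to
    some other route rather than a LAN2 port."""
    addr = ipaddress.ip_address(dst)
    best = None
    for entry in plan:
        sub = ipaddress.ip_network(entry["subnet"])
        if addr in sub and (best is None or sub.prefixlen > best[0].prefixlen):
            best = (sub, entry["iface"])
    return best[1] if best else None

def overlaps_lan(plan: List[Dict[str, str]], lan: str) -> bool:
    """True if any LAN2 /30 overlaps the LAN prefix (a misconfiguration that
    would let LAN and LAN2 addresses collide)."""
    lan_net = ipaddress.ip_network(lan)
    return any(ipaddress.ip_network(e["subnet"]).overlaps(lan_net) for e in plan)

if __name__ == "__main__":
    lan2 = plan_lan2("192.168.50.0/24", ["X2", "X3", "X4", "X5"])
    for e in lan2:
        print(f'{e["iface"]} - LAN2 Zone - {e["gateway"]}/30 - server at {e["host"]}')
    print("server3 is reached via", egress_interface("192.168.50.10", lan2))
    print("overlaps LAN:", overlaps_lan(lan2, "192.168.1.0/24"))
```

Because every server sits alone on its own /30, any server-to-server packet must cross the firewall, so the LAN2-to-LAN2 access rules (not only the routes) decide whether the servers actually see each other.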
 

Author Comment

by:CUBLA1
ID: 39772978
I agree with everything you wrote and had pretty much come to the same solution / conclusion. I find it dirty and unnecessarily complicated. Why in the world would they take something so simple away? It works great on the TZ series! I see on the NSA it still has the column for "members" yet doesn't allow you to actually assign members to zones?? I would love to know their reasoning behind removing this option for this model. Is this all NSA's? For a firewall that is three times the cost of a TZ you would think it would protect against STD's!! Never would I have thought it wouldn't provide a service already being offered with lesser models. I must say I've been using Sonicwall for 20 years and this is the first time I'm actually disappointed. I'll wait a day or so before awarding points just to make sure someone doesn't come along smarter than the two of us. Anybody?  By the way, I have a few clients using NSA 240's and they have the Portshield option. Older model? Firmware fubar?
0
 
LVL 10

Expert Comment

by:convergint
ID: 39772993
I've been using them for over 7 years and still love them but I'm lucky in that I have layer 3 Procurve switches behind the Sonicwall where I can do whatever I want.

It looks like more of a marketing decision in that they probably feel that anyone able to purchase an NSA 2400 and higher would be an enterprise client and would typically have L3 switches at their disposal. To be honest, I really miss our Pro 1260s; they were perfect for our smaller offices with the 24 LAN ports that could be portshielded.
0
 
LVL 25

Expert Comment

by:Diverse IT
ID: 40504239
Just an FYI... PortShielding Groups exist!!! Several months back SonicWALL released PortShielding in their 6.1 SonicOS leg for NSA appliances, plus a bunch of other cool items like Switching, VLAN trunking, L2 Discovery, Link Aggregation and Port Mirroring, to name a few...!
0
