Solved

Sonicwall 2400 Dual Wan

Posted on 2014-09-21
Last Modified: 2014-09-24
Hey guys, we have a Sonicwall 2400 here that's been working fine.

We are adding a new, more powerful internet link this week, but we are going to keep our current one as backup.

Now there are quite a few NATs in place pointing to the current WAN IPs. With the new link coming in, what's the easiest way to modify the NAT rules?
Question by:Cobra25
23 Comments

Expert Comment

by:carlmd
ID: 40336386
Are you going to connect both lines to the Sonicwall? If so, are you going to configure failover?

If not and you only want to connect the new one, all you have to do is change the WAN IP address for the interface on the Sonicwall and the rest should take care of itself.

Expert Comment

by:Aaron Tomosky
ID: 40336738
Remember to change your external DNS to use the IPs from the new connection if that is what you want. There is no easy way to load balance incoming traffic, only outgoing.

Also, some traffic like HTTPS does not like to be round-robin load balanced, so you need to make a rule forcing it all through one connection if you go that way.

Author Comment

by:Cobra25
ID: 40339501
Carlmd - yes, both lines. How do I make the new line the primary one?

Aaron - thanks for the heads up. I don't plan on using load balancing, just failover. Is that still a concern?

What is the easiest way to update the NATs?

Expert Comment

by:Aaron Tomosky
ID: 40339522
If it's just failover, you will not need to worry about forcing traffic out one connection, as only one connection will be used at a time. However, you do need to worry about incoming DNS if you are hosting anything internally.

As long as your firewall rules reference the WAN zone and not specific IP addresses you should be fine, as both connections will come from the WAN zone.

Author Comment

by:Cobra25
ID: 40339531
Essentially the main concern is that, now that I am adding the new line on interface X3, how do I make all LAN -> Internet traffic go out this interface?

Expert Comment

by:Aaron Tomosky
ID: 40339674
I don't have a Sonicwall in front of me at the moment, but I believe it's on the network routing page. The bottom entry is a really high metric like 255 that goes out your X1, so just make an entry with a slightly lower number to go out X3. Then when it fails, X1 takes over.

Author Comment

by:Cobra25
ID: 40339852
Aaron - I've attached a screenshot for routing
route.jpg

Expert Comment

by:Aaron Tomosky
ID: 40339871
Make a route exactly like 7 but with X3 and a lower metric.

Author Comment

by:Cobra25
ID: 40339954
Thanks Aaron,

Last question for now: before I make the change, how do I save the config?

Expert Comment

by:Aaron Tomosky
ID: 40340292
Saves are automatic; I'd suggest doing an export and saving the file for yourself, though.

Author Comment

by:Cobra25
ID: 40340788
Aaron, thank you so much. I was able to bring up the connection successfully.

They had a passive firewall (I'm not sure when the last time it was used) but when I powered it up, it took the whole network down and caused my active FW to reboot, and now I can't log in to it using my username/password. Have you seen that before?

Expert Comment

by:Aaron Tomosky
ID: 40340794
Sounds like it's an overlapping IP with a gateway address, maybe even the Sonicwall?

Author Comment

by:Cobra25
ID: 40340795
Could be, I powered it off. Then I restarted the active one again, but I still can't log in to it with my username/pw.

Expert Comment

by:Aaron Tomosky
ID: 40340804
It's a second sonicwall in an HA setup?

Author Comment

by:Cobra25
ID: 40340808
That's the weird part. On my active FW the HA wasn't even configured. There was a passive one there and I was told to go ahead, power it up and configure. Didn't expect this to happen.

Expert Comment

by:Aaron Tomosky
ID: 40340821
I wonder if the passive wasn't so passive and somehow pushed its old config to the good one? I've never done HA before so I don't know if that's even possible.
Here is the best writeup I could find:
http://kb.guru-corner.com/question.php?ID=308

You did take a backup of your config like I said, right? So you can always reset to defaults and upload that.

Author Comment

by:Cobra25
ID: 40340824
I did do a backup. I did both export and also create backup. Which one do I use to restore?

Will I need to find any license keys after resetting?

Accepted Solution

by:Aaron Tomosky
ID: 40340841
Go into safe mode
https://support.software.dell.com/kb/sw8010
If you can restore from the backup image, do that, otherwise import your config. I like the export because you can save it whenever you make a change as a snapshot in time. Backup is really only useful for firmware upgrades and this sort of thing.

You shouldn't need any license keys, as those should be synced to mysonicwall.com.

Author Comment

by:Cobra25
ID: 40342049
Aaron, I did that and got everything back up. Thank you so much!

I took the passive firewall back with me; I'm going to reset it. Will I have any problems adding it in now as a passive firewall, or is that something you have to do at initial setup with both firewalls?

Expert Comment

by:Aaron Tomosky
ID: 40342062
Use the link I sent a few posts up, it has all the getting started guides for HA.

Author Comment

by:Cobra25
ID: 40342082
Thanks. For some reason I can access the FW from the public web now. Would like to turn this off!

Expert Comment

by:Aaron Tomosky
ID: 40342139
network->interfaces->wan edit, uncheck whatever you don't want to be active on the interface. Personally I only leave ping checked as I like to monitor that for uptime. If I need to admin it remotely, I use a remote access app on a pc inside my network and hit it that way.
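
A way to confirm the change above from a host outside the network, as an added example that is not part of the original thread: it probes the management services on both WAN addresses, since the setting is per interface and the backup link needs the same check. The addresses are placeholders from documentation ranges, and the ports assume the default HTTP, HTTPS and SSH management ports.

```python
import socket

# Assumption: default ports for the per-interface management services.
# Adjust if the management ports were changed on the firewall.
MGMT_PORTS = {"HTTP": 80, "HTTPS": 443, "SSH": 22}


def probe(host, port, timeout=3.0):
    """Return 'open', 'closed' (connection refused) or 'filtered' (no answer)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # includes timeouts and unreachable errors
        return "filtered"
    finally:
        s.close()


def audit(wan_addrs, ports=MGMT_PORTS, timeout=3.0):
    """Probe each port on each WAN address; return the ones that answer."""
    exposed = []
    for label, addr in wan_addrs.items():
        for svc, port in ports.items():
            state = probe(addr, port, timeout)
            print(f"{label} {addr}:{port} ({svc}) -> {state}")
            if state == "open":
                # An open port may also be a NAT rule forwarding to an
                # internal server, so confirm what actually answers.
                exposed.append((label, svc, port))
    return exposed


if __name__ == "__main__":
    # Placeholder addresses; replace with the real X1 and X3 WAN IPs.
    wans = {"X1 (backup)": "198.51.100.10", "X3 (primary)": "203.0.113.10"}
    raise SystemExit(1 if audit(wans) else 0)
```

Run it from outside the LAN (for example a hosted server you control); a result from inside the network says nothing about WAN exposure.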

Author Comment

by:Cobra25
ID: 40342156
Perfect. Thanks again!