Solved

routing between two sonicwall NSA 2600's connected via patch cable on x2 port

Posted on 2016-08-31
14
42 Views
Last Modified: 2016-08-31
Desperate to get route going between two NSA 2600's (connected via patch cable on x2 port on each). 2 different subnets, NSA 2600 A needs to be able to connect to and see devices on NSA 2600 B. Could I pay someone for an hour of your time? I can provide more details here as well. Thank you
0
Comment
Question by:markgal26
  • 7
  • 7
14 Comments
 
LVL 7

Expert Comment

by:J Spoor
ID: 41778447
Please prove the subnets and SonicWALL IP addresses used.



View example configurations and the SonicWALL webui and features on http://livedemo.sonicwall.com or http://ngfw-demo.com

Multiply the effectiveness of your APT Sandbox, stop unknown and zero-day attacks at the gateway. See a demo on http://apt-demo.com or http://atp.demo.com

You can also view the Next-Generation Firewalls via
http://next-generation-firewall.com or http://next-generation-firewall-demo.com
0
 
LVL 7

Expert Comment

by:J Spoor
ID: 41778451
Say SonicWALL A has X0 192.168.1.1/24
Say SonicWALL A has X2 192.168.2.1/24
Say SonicWALL B has X0 192.168.3.1/24
Say SonicWALL B has X2 192.168.2.2/24

On SonicWALL A add a static route
src = any
dst - 192.168.3.0/24
gw = 192.168.2.2
int = X2

On SonicWALL B add a static route
src = any
dst - 192.168.1.0/24
gw = 192.168.2.1
int = X2
0
 

Author Comment

by:markgal26
ID: 41778467
Thank you for your reply!
I will try this and be back to you soon
0
 

Author Comment

by:markgal26
ID: 41778488
Ok, this is precisely what I've tried to do.  Perhaps my configuration is wrong somewhere along the line? perhaps I created the address object incorrectly?  I will come back and post screenshots if that is helpful?
0
 
LVL 7

Expert Comment

by:J Spoor
ID: 41778493
which zone is X2?

did you create proper firewall rules?

e.g. if it's DMZ zone, you will need to add DMZ to LAN firewall rules.
0
 

Author Comment

by:markgal26
ID: 41778501
X2 is in a trusted zone along with X0 (lan)
it is not DMZ
I believe the firewall rules are OK as well (also as everything is in trusted zone aren't those rules created or observed automatically?)
0
 
LVL 7

Expert Comment

by:J Spoor
ID: 41778530
depends on settings. I would check the firewall rules just in case.

screenshots would help.
0
Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

 

Author Comment

by:markgal26
ID: 41778546
Ok,

First I'll upload "phone network" (one NSA 2600) then "data network" (the other NSA 2600)
in your example lets replace with:
phone network: 10.0.0.x / x2 interface ip: 192.168.0.2
data network: 10.0.1.x / x2 interface IP: 192.168.0.3

ideally the data network needs to see devices/servers on the phone network (other way around not necesssary)

right now each network can ping the firewall of the other network, but thats it..

phone network firewall

phone network interface
-----------------------

phone network objects
-------------------------

phone network routing
---------------------------

data network firewall

----------------------------

data network interface
------------------------------

data network objects
--------------------------------

data network route
0
 
LVL 7

Assisted Solution

by:J Spoor
J Spoor earned 500 total points
ID: 41778561
the routes are wrong.
destination should be the other nsa's X0 network, not the local X2 network
0
 

Author Comment

by:markgal26
ID: 41778590
I've tried a combo of everything, grasping at straws.. when I try it that way I can't ping at all.  Here is it is with the route and the corresponding address object for the destination xo network

route-from-data-to-phone.png
---------------------

data-network-address-object-to-phone.png
0
 
LVL 7

Accepted Solution

by:
J Spoor earned 500 total points
ID: 41778600
pls do the following,
make the routes as in the last screenshot
so on the 10.0.0.x SonicWALL
src= ANY
dst = 10.0.1.x
gw = 192.168.0.3
int = X2

so on the 10.0.1.x SonicWALL
src= ANY
dst = 10.0.0.x
gw = 192.168.0.2
int = X2

on firewall settings>advanced
enable " Decrement IP TTL for forwarded traffic"

then from the 10.0.0.x network do
tracert 10.0.1.2 (or a valid ip ontha tnet)

then from the 10.0.1.x network do
tracert 10.0.0.2 (or a valid ip ontha tnet)

pls provide tracert output.

I assume the networks use the SonicWALL as default gateway?
0
 

Author Comment

by:markgal26
ID: 41778602
I believe we are good! looks like its working so far. Can't thank you enough :-)
what can I do to say thanks? don't want to break any rules can you send an email address? or is that no no..
0
 
LVL 7

Expert Comment

by:J Spoor
ID: 41778607
if the case is solved, please mark the answer as solving your case :)
0
 

Author Closing Comment

by:markgal26
ID: 41778613
jspoor is awesome - thank you!
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Squid Connection Pools 3 45
Restrict RDP Remote Access through SonicWall 3 95
Fortigate 100D NTP Issue 4 50
Palo Alto Networks: Truly No Hit Count? 2 16
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now