routing between two sonicwall NSA 2600's connected via patch cable on x2 port

Desperate to get route going between two NSA 2600's (connected via patch cable on x2 port on each). 2 different subnets, NSA 2600 A needs to be able to connect to and see devices on NSA 2600 B. Could I pay someone for an hour of your time? I can provide more details here as well. Thank you
J Spoor (TME / Network Security Evangelist) Commented:
Please provide the subnets and SonicWALL IP addresses used.

J Spoor (TME / Network Security Evangelist) Commented:
Say SonicWALL A has X0
Say SonicWALL A has X2
Say SonicWALL B has X0
Say SonicWALL B has X2

On SonicWALL A add a static route
src = any
dst -
gw =
int = X2

On SonicWALL B add a static route
src = any
dst -
gw =
int = X2
markgal26 (Author) Commented:
Thank you for your reply!
I will try this and be back to you soon
markgal26 (Author) Commented:
Ok, this is precisely what I've tried to do. Perhaps my configuration is wrong somewhere along the line? Perhaps I created the address object incorrectly? I will come back and post screenshots if that is helpful?
J Spoor (TME / Network Security Evangelist) Commented:
which zone is X2?

did you create proper firewall rules?

e.g. if it's DMZ zone, you will need to add DMZ to LAN firewall rules.
markgal26 (Author) Commented:
X2 is in a trusted zone along with X0 (lan)
it is not DMZ
I believe the firewall rules are OK as well (also as everything is in trusted zone aren't those rules created or observed automatically?)
J Spoor (TME / Network Security Evangelist) Commented:
depends on settings. I would check the firewall rules just in case.

screenshots would help.
markgal26 (Author) Commented:
First I'll upload "phone network" (one NSA 2600) then "data network" (the other NSA 2600)
in your example let's replace with:
phone network: 10.0.0.x / x2 interface ip:
data network: 10.0.1.x / x2 interface IP:

ideally the data network needs to see devices/servers on the phone network (other way around not necessary)

right now each network can ping the firewall of the other network, but that's it..

phone network firewall

phone network interface

phone network objects

phone network routing

data network firewall


data network interface

data network objects

data network route
J Spoor (TME / Network Security Evangelist) Commented:
the routes are wrong.
destination should be the other nsa's X0 network, not the local X2 network
markgal26 (Author) Commented:
I've tried a combo of everything, grasping at straws.. when I try it that way I can't ping at all. Here it is with the route and the corresponding address object for the destination X0 network


J Spoor (TME / Network Security Evangelist) Commented:
pls do the following,
make the routes as in the last screenshot
so on the 10.0.0.x SonicWALL
src= ANY
dst = 10.0.1.x
gw =
int = X2

so on the 10.0.1.x SonicWALL
src= ANY
dst = 10.0.0.x
gw =
int = X2

on firewall settings>advanced
enable "Decrement IP TTL for forwarded traffic"

then from the 10.0.0.x network do
tracert (or a valid ip on that net)

then from the 10.0.1.x network do
tracert (or a valid ip on that net)

pls provide tracert output.

I assume the networks use the SonicWALL as default gateway?
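
The route fix described in this thread (destination is the other firewall's X0 network, not the local X2 network) can be checked on paper before touching the firewalls. The following is an added example, not part of the original thread and not SonicWALL code: the /24 masks, the 192.168.255.0/30 transit addresses on X2, and the use of the peer's X2 address as gateway are assumptions, since the thread's own values are missing.

```python
import ipaddress as ip

# Constructed topology. The 10.0.0.x / 10.0.1.x LANs come from the thread;
# the /24 masks and the X2 transit addresses are assumptions.
FIREWALLS = {
    "phone": {"X0": ip.ip_interface("10.0.0.1/24"), "X2": ip.ip_interface("192.168.255.1/30")},
    "data":  {"X0": ip.ip_interface("10.0.1.1/24"), "X2": ip.ip_interface("192.168.255.2/30")},
}

def check_route(local, peer, route):
    """Return a list of problems with one static route on `local` toward `peer`."""
    me, other = FIREWALLS[local], FIREWALLS[peer]
    dst = ip.ip_network(route["dst"])
    gw = ip.ip_address(route["gw"])
    problems = []
    if dst == me["X2"].network:
        problems.append("dst is the local X2 network (already directly connected)")
    elif dst != other["X0"].network:
        problems.append(f"dst should be the peer X0 network {other['X0'].network}")
    if gw not in me["X2"].network:
        problems.append("gw is not on the local X2 subnet")
    elif gw != other["X2"].ip:
        problems.append(f"gw should be the peer X2 address {other['X2'].ip}")
    if route["int"] != "X2":
        problems.append("egress interface should be X2")
    return problems

def check_pair(routes):
    """Check both directions; traffic needs a route out and a route back."""
    return {
        "phone": check_route("phone", "data", routes["phone"]),
        "data": check_route("data", "phone", routes["data"]),
    }

# The mistake called out in the thread: destination set to the local X2 network.
WRONG = {
    "phone": {"dst": "192.168.255.0/30", "gw": "192.168.255.2", "int": "X2"},
    "data":  {"dst": "192.168.255.0/30", "gw": "192.168.255.1", "int": "X2"},
}
# The corrected pair: each side points at the other side's X0 network.
RIGHT = {
    "phone": {"dst": "10.0.1.0/24", "gw": "192.168.255.2", "int": "X2"},
    "data":  {"dst": "10.0.0.0/24", "gw": "192.168.255.1", "int": "X2"},
}

if __name__ == "__main__":
    for name, plan in (("wrong", WRONG), ("right", RIGHT)):
        print(name, check_pair(plan))
```
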

markgal26 (Author) Commented:
I believe we are good! looks like it's working so far. Can't thank you enough :-)
what can I do to say thanks? don't want to break any rules can you send an email address? or is that no no..
J Spoor (TME / Network Security Evangelist) Commented:
if the case is solved, please mark the answer as solving your case :)
markgal26 (Author) Commented:
jspoor is awesome - thank you!