Solved

configure sonicwall nsa connected to a L3 switch

Posted on 2016-11-11
Last Modified: 2016-12-01
Hi, we currently have a flat VLAN on the SonicWall firewall.

We're adding an L3 switch that is already configured to handle routing internally, so I don't need the SonicWall to be configured as the router.
From what I understand, I don't need to create any additional VLANs on the SonicWall. I just need to create address objects with the various VLANs and create route policies (static routes) and tell it to point to the L3 switch as my next hop. Wanted to get an example from someone on what that would look like (ex. source, destination, etc.).

The SonicWall will have the firewall VLAN IP of 10.10.11.1.
The core switch will have the firewall VLAN IP of 10.10.11.2.
The core has several VLANs configured already for routing: VLAN 20 (10.10.20.0/24), VLAN 30 (10.10.30.0), and so forth.
Question: in the SonicWall, I'll be changing the X0 (LAN) IP to 10.10.11.1,
then create the route policies. Can someone detail what the route policy would look like on the SonicWall to confirm what I believe it to be?
ex:  
source
destination
service
gateway
interface
etc.
Question by:seven45

Expert Comment

by:arnold
ID: 41884669
You would define the switch port to which you would connect the SonicWall as a trunk.
You then would define the VLANs and the IP ranges/VLAN firewall IP on this VLAN.
If the switch already has its routing rules, you need only deal with how the VLANs access the outside, or are you looking to transition the routing from being defined/managed on the switch to being managed by the SonicWall?

Where is your DHCP server, or are all IPs static?

Assisted Solution

by:arnold
arnold earned 250 total points (awarded by participants)
ID: 41884672
Checking Dell support pages, see if the below https://support.software.dell.com/kb/sw12076

Accepted Solution

by: Aaron Tomosky
Aaron Tomosky earned 250 total points (awarded by participants)
ID: 41884703
Make the address objects. I like one for each VLAN subnet, and one for the L3 switch interface IP on the subnet the SonicWall is connected to it on.
Source: any
Dest: VLAN subnet
Service: any
Gateway: L3 switch

You can make one for each VLAN or group them if you have a lot.
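
The route policies described in the accepted answer, worked through with the addresses from the question. This is an added example, not part of the original thread and not SonicWall tooling. It assumes a /24 mask on X0 and on VLAN 30 (the thread does not state them), and the function names are hypothetical. It builds one row per VLAN subnet, refuses a gateway that is not directly reachable on X0, and shows which next hop a given destination would use.

```python
import ipaddress

# Addresses from the thread; prefix lengths marked "assumed" are not stated there.
X0_IFACE = ipaddress.ip_interface("10.10.11.1/24")  # SonicWall X0, /24 assumed
L3_SWITCH = ipaddress.ip_address("10.10.11.2")      # core switch, firewall VLAN
VLAN_SUBNETS = {
    "vlan20": "10.10.20.0/24",
    "vlan30": "10.10.30.0/24",                      # /24 assumed
}

def build_route_policies(x0, gateway, subnets):
    """Return one route-policy row per VLAN subnet, rejecting unsafe input."""
    # The next hop must be a neighbour on the X0 subnet, not the firewall itself.
    if gateway not in x0.network or gateway == x0.ip:
        raise ValueError(f"gateway {gateway} is not a neighbour on {x0.network}")
    rows, seen = [], []
    for name, cidr in sorted(subnets.items()):
        net = ipaddress.ip_network(cidr)  # strict parsing rejects stray host bits
        # A static route must never shadow the directly connected subnet.
        if net.overlaps(x0.network):
            raise ValueError(f"{name} {net} overlaps connected {x0.network}")
        for other_name, other in seen:
            if net.overlaps(other):
                raise ValueError(f"{name} {net} overlaps {other_name} {other}")
        seen.append((name, net))
        rows.append({"source": "Any", "destination": str(net),
                     "service": "Any", "gateway": str(gateway),
                     "interface": "X0"})
    return rows

def next_hop_for(dest, x0, rows):
    """Longest-prefix match over the connected X0 subnet and the static rows.

    Returns "connected", a gateway IP string, or None when no row matches
    (the packet would then follow the firewall's default route).
    """
    ip = ipaddress.ip_address(dest)
    candidates = [(x0.network, "connected")]
    candidates += [(ipaddress.ip_network(r["destination"]), r["gateway"])
                   for r in rows]
    matches = [(net.prefixlen, hop) for net, hop in candidates if ip in net]
    return max(matches)[1] if matches else None

if __name__ == "__main__":
    policies = build_route_policies(X0_IFACE, L3_SWITCH, VLAN_SUBNETS)
    for row in policies:
        print(row)
    for host in ("10.10.20.5", "10.10.11.50", "192.0.2.1"):
        print(host, "->", next_hop_for(host, X0_IFACE, policies))
```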

Expert Comment

by:Aaron Tomosky
ID: 41908425
Solid advice.
Question has a verified solution.
