I need to configure two same firewalls (Sonicwall Nsa 240) in same building but different floors.
We have an Nsa 240 firewall in infrastructure but the problem is, the number of connection Nsa240 can handle is only 10,000 and we are reaching to almost around 12,000 connections which is causing bandwidth issue and also making the CPU utilization upto 95% to 99% and i cannot even access the firewall.
The biggest issues here is that,the users daily face internet slow issues and when they report issues i always see the sonicwall logs to confirm which machine is causing more connection.
I did all the work around to isolate the issue but it seems to be not working out for me.
Here is my workaround:-
The maximum connections that the NSA240 model can handle is 10,000 and i see sometimes the connections crosses the maximum limit where CPU utilization gets high and then the firewall goes into the not responding mode and will not come back normal unless i restart it. So after lot of investigations like bandwidth management, removing unnecessary policies in the firewall, deleting unused access rules/VPN, Disable the app flow monitor, increasing MTU to 1500 is what configured at the ISP end,Checked each one of the machine for Viruses, none has worked for me to overcome.
After all the above mentioned troubleshooting, the SonicWall folks have suggested to upgrade the hardware that can support our business requirement which is understood and needs to be followed.
So before we do hardware upgrade, we have decided to configure a spare firewall nsa240 which can share the load actually.
Now, i want to configure the new firewall on other floor and want to create communication with both firewalls as users needs to access the local resources.
The only option i see to have this work is either create a site to site VPN policy, or connect both firewalls with physical connectivity and configure a route in between.
Could someone suggest me what would be the best possible way i can get this done please?
Any help will be much appreciated.