SonicWALL firewall config: Switching interfaces

Hi Guys,

I had to switch our two WAN interfaces on the SonicWALL (thus X1 & X2).

1.  I switched the public IP configuration under Interface Settings
2.  and changed all the NAT policies, switching X1 & X2 for all rules


My questions:

a.  Is there any other rule(s) that need to be changed to switch primary internet access for LAN users between X1 & X2?

b.  I've noticed that some NAT rules refer to an "address object" rather than the interface (X1/X2) directly.  
These I did not change as the object's public address was still correct.  Is there a difference in referring to the interface (X1/X2) directly, or using an object instead?  
In my case, where I had to switch X1 & X2 ... the rules with objects made things a bit easier as it stayed the same.  Is this the only difference using an object or referencing to the interface directly?
Rupert Eghardt (Programmer) Asked:

CES (Network Administrator) Commented:
I would ensure that you don't have any outbound NAT rules that force traffic out of a specific interface and correct those if necessary. Other than that, if all that has changed is the interface and the IPs/zones were just flipped between them, then you should be fine.

As long as all the address objects are staying in the same zones (WAN/LAN/VPN, etc.) then there should not be any issues. These zones are what the firewall component uses to allow traffic and thus they don't care about the physical interface. FWIW, the address object contains a zone assignment when it is created, so that is already taken into account.
0
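The check suggested in the answer above (find NAT rules bound to a WAN port, especially outbound ones that force traffic out of a specific interface, and separate them from rules that only reference address objects) can be sketched as follows. This is an added example, not part of the original thread and not SonicWALL code; the policy model, field names, object names and IP addresses are all constructed assumptions and do not reflect the SonicOS export format.

```python
# Constructed, simplified model of NAT policies; NOT the SonicOS export format.
# All field names and sample values below are hypothetical.
WAN_PORTS = {"X1", "X2"}
SWAP = {"X1": "X2", "X2": "X1"}

ADDRESS_OBJECTS = {  # name -> zone and address (documentation-range IPs)
    "ISP-A Public": {"zone": "WAN", "ip": "203.0.113.10"},
    "ISP-B Public": {"zone": "WAN", "ip": "198.51.100.20"},
    "server1": {"zone": "LAN", "ip": "10.10.10.50"},
}

NAT_POLICIES = [
    {"name": "LAN outbound", "in_if": "X0", "out_if": "X1",
     "orig_dst": "Any", "xlat_src": "ISP-A Public", "xlat_dst": "Original"},
    {"name": "Web inbound", "in_if": "X1", "out_if": "Any",
     "orig_dst": "ISP-A Public", "xlat_src": "Original", "xlat_dst": "server1"},
    {"name": "Mail inbound", "in_if": "Any", "out_if": "Any",
     "orig_dst": "ISP-B Public", "xlat_src": "Original", "xlat_dst": "server1"},
    {"name": "Guest outbound", "in_if": "X3", "out_if": "X2",
     "orig_dst": "Any", "xlat_src": "ISP-B Public", "xlat_dst": "Original"},
]

def audit_after_swap(policies, objects):
    """Split policies into those needing an edit after the X1/X2 swap and
    those that reference only address objects (zones listed for a sanity check)."""
    needs_edit, object_only = [], []
    for p in policies:
        pinned = {f: p[f] for f in ("in_if", "out_if") if p[f] in WAN_PORTS}
        if pinned:
            needs_edit.append({
                "name": p["name"],
                # True for an outbound rule that forces a specific WAN port
                "forces_egress": p["out_if"] in WAN_PORTS,
                "change": {f: SWAP[v] for f, v in pinned.items()},
            })
        else:
            refs = [p[f] for f in ("orig_dst", "xlat_src", "xlat_dst") if p[f] in objects]
            object_only.append({"name": p["name"],
                                "zones": {r: objects[r]["zone"] for r in refs}})
    return needs_edit, object_only

if __name__ == "__main__":
    edits, untouched = audit_after_swap(NAT_POLICIES, ADDRESS_OBJECTS)
    for e in edits:
        flag = "FORCES EGRESS" if e["forces_egress"] else "interface-bound"
        print(f"{e['name']}: {flag}, change {e['change']}")
    for u in untouched:
        print(f"{u['name']}: object-only, zones {u['zones']}")
```
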
Rupert Eghardt (Programmer, Author) Commented:
Thank you!

> I would ensure that you don't have any outbound NAT rules that force traffic out of a specific interface and correct those if necessary. Other than that, if all that has changed is the interface and the IPs/zones were just flipped between them, then you should be fine.

I checked for specific outgoing rules, but did not spot any.

> As long as all the address objects are staying in the same zones (WAN/LAN/VPN, etc.) then there should not be any issues. These zones are what the firewall component uses to allow traffic and thus they don't care about the physical interface. FWIW, the address object contains a zone assignment when it is created, so that is already taken into account.

Thus the benefit of using address objects is that it makes NAT-policy switching between interfaces easier (than just a straight reference to the interface instead)?
0
CES (Network Administrator) Commented:
Address objects are sort of like the SonicWall's version of DNS.  As a firewall it cares about IP addresses, but you can name the object whatever you want to make it easier to remember, so you can say 'server1' rather than 10.10.10.50 or whatever.  When creating them, you also say what zone they are in.  That's the benefit of them.

So yes, it makes creating NAT rules easier in that sense.
1

Blue Street Tech (Last Knight) Commented:
Hi Rupert,

To answer question A:
Can you clarify for me what you are trying to accomplish? X1 should always be the Primary WAN connection. This is because there are back-end services that rely on X1 being the Primary WAN Interface. You can add additional WANs to any other physical port aside from X0 and W0 (provided your unit has that).

If you need to flip-flop the order of WANs, moving the original Primary WAN to the secondary WAN, it is a best practice to unplug WAN1 from X1 and plug it into X2 and vice versa. Then reconfigure both ports accordingly.

To answer question B:
NAT Policies allow or direct traffic once inside the firewall to reach specific ports/services and internal devices or objects such as hosts, subnets and in some cases internal routes. They can be bound to physical interfaces as well. The NAT Policies' function should not be confused with a security mechanism... that is handled by Access Rules.

Let me know if I'm understanding your question correctly. Thanks!
0
Question has a verified solution.