Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

TZ 400 Limit Outbound Connections On LTE Failover

Hey all, need to bounce a question off of the SW gurus here?

Have a client who is setting up their Covid Vaccine location and are adding in an LTE failover to the site's connectivity via the SonicWall firewall. This LTE connection is metered/limited. We are trying to find a solution that when not if the main Comcast connection goes down and the SonicWall fails over to the LTE connection we can limit outbound traffic over the LTE connection to just the VPN that carries the RDP connections back to their terminal servers.

We can failover no problem and VPN will re-establish all well and good but so we will all the other connections, including guest WiFi, music streaming for the site, other streaming, etc. Does anyone know of a way to limit this in a SonicWall? I have been banging my head trying to figure it out and haven't been able to search for a definitive answer anywhere.

Category: Entry Level Firewalls
Reply

Answers

  • @Alex_B,

    Please do not add the LTE connection to the WAN Failover and LB Group in that case. So, is this a site to site VPN where on the remote end you have mentioned the LTE connection's WAN address as the secondary peer?

    I think a little more detail about the VPN connection would help in this scenario.

    If you need to route things out specifically when the primary WAN link is down, you can create a static route for the same and apply network probes that check the internet connection through primary and get activated only when the primary link is down.

    I hope this helps!

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • TKWITSTKWITS Cybersecurity Overlord ✭✭✭

    Assuming you properly segmented your networks via VLAN, a simple way would be to disable the auto-created VLAN to U0 NAT policies for the VLANs that aren't required to have connectivity over LTE. Yes it would break guest wifi and such during a failover event but thats all unnecessary traffic anyway.

    Otherwise you could use SDWAN rules, policy based routing, or other combinations of functions.

Sign In or Register to comment.