Answers
What are you trying to accomplish with this configuration? While what you are asking is probably technically possible, whether or not it will work is another matter.
Hi @EHSAN,
Thank you for visiting SonicWall Community.
Yes, you should be able to accomplish this requirement using NAT policy configuration. We have a specific NAT/Route mode configuration available from the WAN interface itself, but it may not be applicable for your scenario as you are specifically looking for Route mode for the X0 subnet with the X2 WAN. I have just placed the KB link for your reference about Route Mode in SonicWall.
For your scenario, we have to manually create a NAT policy just for the route mode scenario and place it on top of the default NAT policies.
The NAT policy should look like this:
Original Source: X0 Subnet
Translated Source: Original
Original Destination: Any
Translated Destination: Original
Original Service: Any
Translated Service: Original
Source Interface: X0
Destination Interface: X2
Enable NAT Policy: Enabled
Comment: (enter a short description)
This should get X0 to use No NAT when using X2 WAN for Internet access.
Note: NAT policy depicted above is for Outbound direction.
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services
Dear Sir,
I am facing problem.
TZ370W X6 (WAN) and X4 (WAN) are connected to two ports of the core switch, and the ports are in L2.
The PCs are in the internal LAN with two different networks with separate switches.
X6 and X4 are WAN interfaces.
X6 is the primary bridge, L2 bridged with X7.
X4 is the primary bridge, L2 bridged with X5.
The two internal networks are connected to X5 and X7 through their respective switches.
I can access the application from both internal networks via the core switch connected to the router which goes to the MPLS network. The core switch is configured with VLAN1 with two IPs each from the X5 and X7 networks.
But I cannot access the internet from the X7 and X5 LAN networks through the X1 WAN. But I can access the internet from the X0 LAN through the X1 WAN.
How can I configure the above solution so that I can access the application from the X5 and X7 LANs through the core switch connected to the router,
and also get internet for the X5 and X7 LANs through the X1 WAN?
Since X0 is getting internet through X1.
And X5 and X7 should access each other.
Sir it is urgent.
Thanks and best regards.
Why are you bridging your WAN interfaces to X5 and X7 to use X5 and X7 as 'internal networks'? X5 and X7 are now considered in the WAN zone, and not LAN (or other internal).
While your explanation is helpful, it doesn't make much sense. Can you provide a diagram? What 'application' are you referring to?
If we make X4 and X6 LAN and L2 primary bridge mode to X5 and X7 respectively, how do we configure it so that LAN X5 and X7 get internet through X1? Right now X0 is getting internet through X1.
Thanks and best regards.
Hi @EHSAN,
Please create a route on the SonicWall to force the X5 and X7 subnets to go online via the X1 WAN. The route should look like the below:
Source: X5 and X7 subnets
Destination: Any
Service: Any
Gateway: X1 Default Gateway
Interface: X1
Metric: 10
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services
Dear Sir,
If we add the X5 and X7 subnets (NW) to an object group and select that object group as the source, it will be the same as creating two routes separately for X5 and X7.
Thanks and best regards.
Dear Sir,
There are also many subnets of 164.39.0.0 /26 terminating from branches on the same core switch.
If I change the subnet mask from 255.255.255.192 to 255.255.0.0 for X5 (169.39.36.165/26), will it ingress all the traffic through X5 and get internet through X1?
Dear sir,
We did as you asked above:
Source: X5 subnets
Destination: Any
Service: Any
Gateway: X1 Default Gateway
Interface: X1
Metric: 10
core switch vlan1 = 10.42.4.1
PC = 10.42.4.91 DG = 10.42.4.1, PC connected to core switch via access switch.
We can access application through core switch connected to MPLS. Application is unix and mainframe based.
But we want to access internet also being in the same network.
Now x1(WAN) = internet connected
x4(LAN) = 10.42.4.165 connected to core switch
X5 bridge to x4 and access switch connected to x5 (disconnect from core switch)
PC = 10.42.4.91 DG = 10.42.4.1 we can access the application.
But no internet.
PC = 10.42.4.91 DG = 10.42.4.165 we can access the internet
But no application.
If we make X4 (WAN), we can still get internet but no application at all. It looks like if NAT is happening then the application is not allowed.
How can we get both internet and the application?
Thanks and best regards.
Hi @EHSAN,
We should do packet capture on the SonicWall for Internet traffic to identify the issue with no Internet from X5 and X7 subnets respectively.
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services
I did not understand your point. Sir, only if I make the local PC's default gateway the IP of the ingress interface do we get internet. But then we are not able to get app access until we make the default gateway of the PC the VLAN IP of the core switch. And when we make the PC's default gateway the VLAN IP of the core switch, then we cannot access the internet. My question is: is it possible to access the internet from the local PC without the ingress IP of the internal LAN?
Saravanan is trying to have you use the tools available to you to troubleshoot the issue.
It sounds to me like you have a routing issue. Your core switch does not know where to send traffic to get to the internet, and your firewall does not know where to send traffic to get to the 'application'.
What is the routing table of your core switch? What is the routing table of your firewall?
Read up on routing.
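The routing gap described in the post above, modelled as an added example (not part of the original thread or any SonicWall tooling): a longest-prefix-match trace over each device's route table shows why either default gateway reaches only one destination, and how a default route on the core switch toward 10.42.4.165 serves both. The application subnet, MPLS router and X1 gateway addresses, the /24 mask and the starting route tables are assumptions; NAT and return-path behaviour are not modelled.

```python
import ipaddress

# Constructed values (not from the thread): application subnet behind MPLS,
# the MPLS router, the X1 upstream gateway, and the /24 mask on 10.42.4.x.
APP_NET = ipaddress.ip_network("192.0.2.0/24")
MPLS_RTR, X1_GW = "10.255.0.2", "203.0.113.1"
LAN = "10.42.4.0/24"
CORE, FIREWALL = "10.42.4.1", "10.42.4.165"   # addresses from the thread

def build_tables(core_default=None):
    """Per-device routes as (prefix, next_hop); next_hop None = connected."""
    core = [(LAN, None), (str(APP_NET), MPLS_RTR)]
    if core_default:
        core.append(("0.0.0.0/0", core_default))
    return {CORE: core, FIREWALL: [(LAN, None), ("0.0.0.0/0", X1_GW)]}

def lookup(table, dst):
    """Longest-prefix match; returns the next hop, 'connected', or None."""
    best = None
    for prefix, hop in table:
        net = ipaddress.ip_network(prefix)
        if ipaddress.ip_address(dst) in net:
            if best is None or net.prefixlen > best[0]:
                best = (net.prefixlen, hop or "connected")
    return best[1] if best else None

def trace(tables, gateway, dst, max_hops=8):
    """Follow next hops from the PC's default gateway.
    Returns (path, ok); ok means the packet left by the exit that serves dst."""
    want = MPLS_RTR if ipaddress.ip_address(dst) in APP_NET else X1_GW
    path, hop = [], gateway
    for _ in range(max_hops):
        path.append(hop)
        if hop in (MPLS_RTR, X1_GW):
            return path, hop == want
        hop = lookup(tables[hop], dst)
        if hop is None or hop == "connected":
            return path, hop == "connected"
    return path, False   # hop limit hit: routing loop

if __name__ == "__main__":
    app, web = "192.0.2.10", "198.51.100.10"   # constructed destinations
    for label, tables in (("current", build_tables()),
                          ("core default -> firewall", build_tables(FIREWALL))):
        for gw in (CORE, FIREWALL):
            for dst in (app, web):
                print(label, "| DG", gw, "->", dst, trace(tables, gw, dst))
```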
Hi @EHSAN,
Yes, @TKWITS is right. We should perform a packet monitor on the SonicWall to identify the reason for no Internet. If you need any assistance with packet capturing/monitoring, please let us know. You can also contact our Support folks for help as per the web link below.
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services
Hi @Ehsan ,
To understand your requirement, could you please share the network diagram with us?
As I understand it, you have an L3 core switch with VLANs configured. The PCs connected to those VLANs are not getting the internet?
Please check whether the core switch is configured with a default route or not.
@Ehsan Did you get anywhere else with this?