Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Sonicwall NSA3600 - two switches

Hi all,

Looking for some guidance on implementing a solution where I can run the NSA3600 + two switches where by if one switch dies the second will keep operations running. While STP may do the job it would make one switch the failover.

I've looked at portshield but doubt this will allow routing from another switch it would create a loop back.

The server would be teamed with 4x eth ports.

Any suggestions or advise is welcomed.



Category: Mid Range Firewalls
Reply

Answers

  • TKWITSTKWITS Cybersecurity Overlord ✭✭✭
    edited June 3

    Are you using a single NSA3600 or a High Availability pair?

  • KentKent Newbie ✭

    Hi TKWITS,

    Just a single NSA3600

    Kent.

  • SaravananSaravanan Moderator

    Hi @Kent,

    Thank you for visiting SonicWall Community.

    I have seen some of the similar cases where looping occurs and firewall drops the packets as "IP Spoof".

    But I would recommend to try my suggestion. Configure the second switch connected interface on the SonicWall by portshielding it to the parent interface (first switch connected interface on SonicWall). Even though the switches are connected to two different interface, portshield makes them to be treated as a single port or single broadcast domain.

    Hope this helps.

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • KentKent Newbie ✭

    Hi @Saravanan

    My thoughts this MIGHT work, but I wasn't sure if I could just attach a second switch with portshield on the pass through to the interface I needed.

    Kent.

  • SaravananSaravanan Moderator

    Hi @Kent,

    Cool. It should work. Please try and keep this thread updated.

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • TKWITSTKWITS Cybersecurity Overlord ✭✭✭

    I should've asked in my previous response, but I am guessing the answer is no. Are the switches stacked / stackable?

  • MasterRoshiMasterRoshi Moderator

    @Kent , I highly recommend you use port redundancy instead of a portshield or bridge for these scenarios where it is simply for HA, and the switches have a link to eachother anyway.

  • KentKent Newbie ✭

    @TKWITS - No they aren't stacked.

    @MasterRoshi i wanted to have both run together rather than one and then a failover, my idea is to spread the load with the teaming of he NIC's if i have them failed over i will lose throughput, just want to know what best practice is.

    Kent.

  • TKWITSTKWITS Cybersecurity Overlord ✭✭✭
    edited June 7

    'i wanted to have both run together rather than one and then a failover'

    You need a stack to have two switches 'run together'. I do not believe you will be able to accomplish your goal with the equipment you have.

    Follow me (I am basing this on 1Gbps interfaces):

    You have two NICs from the server 'teamed' to the first switch, and the remaining two NICs from the server 'teamed' to the second switch.

    The two switches are connected to each other via LAG/PortChannel/Team and are configure for STP.

    You configure the Sonicwall using port redundancy, with the 'primary' interface going to the first switch and the 'redundant' port going to the second switch.

    Server to switch you'll have ~2Gbps possible throughput.

    Switch to switch you'll have ~2Gbps possible throughput.

    Either switch to Sonicwall you'll have 1Gbps possible throughput.

    If either switch individually goes down your server will still have connectivity.


    If I was trying to accomplish your goal of throughput and redundancy I would have 2x Sonicwalls in HA with LAG/PortChannel to a stack of two switches.

    I do not know if it is possible to configure port redundancy on the sonicwall to use LAG interfaces, though I suppose if you could you'd be able to get away with 1 Sonicwall and a stack of two switches.

Sign In or Register to comment.