Configure TZ570 and Fiber DIA and EPL between buildings
The company I work for recently rented space in a rack at a co-location host. They provided us with a Dedicated Internet Access (DIA) and a Ethernet Private Line (EPL). I have the TZ570 at the co-location host with the DIA in port x8 and the EPL in x9. I am having trouble figuring out how to connect the TZ570 to our site. Do I need to use layer 2 bridge mode? The EPL comes to our office building and plugs into a switch that has an SFP fiber module. There is a TZ500 connected to the switch at our office. The DIA will be our main internet at our office so it is pluged into the wan port of the tz500.
Any help would be appreciated. So far here is the diagram I have.
I think you just need to make up a /30 network to use on Colo:X9-Main Office:X?? then set your default route on main office to Colo:X9 IP.
Is there a reason you are using both Sonicwalls? Why complicate things when you can just have your main office patched into the switch on the EPL?
Really, this is basic networking and routing.
One reason to keep the TZ500 would be so that you could have a backup WAN at the main office site. Of course it doesn't need to be a TZ500 to do this but as you've already got it....
To answer the only question I can see, you do not NEED to use L2 bridge mode. Though it all depends on what you want to accomplish.
It sounds like you want to use the EPL to extend the DIA to your 'main' office firewall?
I do want to extend the DIA to the main office over the EPL. The other reason to use both devices is because I need to have something at the Colo site to plug both the EPL and DIA into. They gave me an empty rack with two fiber cables, one labeled EPL and the Other DIA. Would the alternative to using both SonicWall's be using a switch at the Colo and a TZ570 connected to the EPL at the main office?
@nandrew Are you going to have any server equipment at the colo? Whats the end goal with this setup?
I will have an RDS server at the colo. It should appear as if it is on the same network as our main office over the EPL. The goal was to protect the server at the colo environment while allowing access from the main office location.
I will re-state 'this is basic networking and routing.'
Is there a reason you wouldn't just make the Colo and Main site on the same network using only the one Sonicwall at the colo for everthing?