To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".
Hi, I set up two WAN connections on two separate Nsa2700 ports but when I try to connect the second one to a second LAN port in the same subnet it errors. Is this a partitioning thing?
Thanks for any help.
@eugp if I get this right, both WAN ports getting IP addresses in the same subnet, e.g. X1 192.168.1.1./29 and X2 192.168.1.2/29?
This is not allowed and there is IMHO no way for overlapping subnets on different interfaces.
If there is more to it just let us know.
It sounds more like the poster is trying to 'extend' the LAN to second interface, but ya know, details.
As BWC said you cannot have two interfaces in the same subnet. Thats not how IPv4 routing works.
To get around this Sonicwall has a feature called PortShield, which allows you to set a second (or third, fourth, etc.) physical interface to be on the same IP subnet and security context as another. E.g. you would 'PortShield' port X3 to X0 to 'add' it to the LAN subnet and LAN zone.
You would not need to configure X3 separately as it 'inherits' the IP of X0.
My hope was-
X1=WAN Fixed internet IP "A"
X0=LAN interface 192.168.1.1
Rules for public webserver WAN IP "A" <> LAN 192.168.1.2
X11=WAN Fixed internet IP "B"
X10-LAN interface 192.168.1.4
Rules for a second public webserver WAN IP "B" <> LAN 192.168.1.5
But as you say, two ports on the same subnet is not allowed. What are all those ports for then? :)
OK, but wait. Shouldn't I be able to not do X10 LAN but have another set of rules for-
X11 WAN IP "B" <> second public webserver LAN 192.168.1.5?
Both pass through X0
You can do all kinds of things with them including what I posted about PortShields.
Im going to kick myself for asking, but why are you trying to do this? What does this accomplish that having a switch on X0 and the servers on said switch doesnt? Or having a different Subnet and Zone on interface X10?!?
You can do what you are talking about using a combination of features and settings, but again why?
Yes. This is a totally normal thing to do and can be achieved with the relevant access rules and NAT policies. Much less inexplicable than Plan A was :-D
Since you ask, I was thinking of running Remote Desktops from the existing gateway using MFA-NPS extension which works with Azure and Microsoft Authenticator, then use the second route for the SMA210 SSLVPN users. This only works with OTP over email.
I'll probably just use the SMA portal for RDP but as I said I prefer the MFA-NPS extension.
They both have to reach the same subnet.