
SonicWall / Cisco switch configuration (2 separate LAN networks using 2 different ports)

I have a SonicWall 5600 connected to an L3 switch using 2 ports, X0 (LAN) and X2 (HR zone).

SonicWall X1 has a public IP and is connected to the ISP.

I configured X0 as LAN for one network and X2 as an HR zone for a different network. Both ports are connected to the Cisco 3750.


3750 configuration

ip routing
!
vlan 2
vlan 5
vlan 10
!
interface Vlan2
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan5
 ip address 192.168.5.1 255.255.255.0
!
interface Vlan10
 ip address 192.168.10.1
 ! (subnet mask not given in the post)

Two ports go up to the SonicWall as access ports: one in VLAN 2 and one in VLAN 5.



Client 1 (VLAN 5)

IP address: 192.168.5.5/24

Gateway: switch, 192.168.5.1


Client 2 (VLAN 2)

IP address: 192.168.1.5/24

Gateway: switch, 192.168.1.1


What's working

Both client 1 and client 2 can reach the server in VLAN 10.

Both clients can ping the switch.

The switch can ping 8.8.8.8.


What's NOT working

Clients can ping their respective network on the SonicWall firewall.

Clients cannot ping 8.8.8.8.

Cannot access the Internet from the computers.


A traceroute to 8.8.8.8 from a client shows it gets to the core and stops there.


Category: Mid Range Firewalls

Answers

  • I ran a packet monitor and I noticed that the packets were dropped because they were coming in from X0 instead of X2. What do I need to do in my Cisco switch or the SonicWall to send the packet through the right port? Thank you


  • MarkD (Cybersecurity Overlord ✭✭✭)

    So on your switch, you have your 2 access ports, one on VLAN 2 connected to X0 and the other on VLAN 5 connected to X1, and their native VLANs are configured?

  • Arkwright (Community Legend ✭✭✭✭✭)

    Can the switch reach the Internet with a source IP of each of its LANs?

    You might simplify things a bit by not having IPs in all LANs on the SonicWall, and just have a stub network for routing between the SonicWall and the switch. Otherwise you've added complexity where there are two ways a packet can reach the firewall from the various LANs.

  • TKWITS (Community Legend ✭✭✭✭✭)

    Don't use the switch as a router; let the SonicWall do the work. I.e. have all your VLANs as subinterfaces of X0 and use a single port on the switch as a trunk to uplink to X0.

  • Arkwright (Community Legend ✭✭✭✭✭)

    Basically, do either what I or @TKWITS has suggested, but don't try to do both; you will end up with triangular routes, for no discernible benefit.

  • Ajishlal (Community Legend ✭✭✭✭✭)

    @janvic123

    As per your network drawing, all internal LAN switching is handled by the firewall, and that will put more load on your firewall as the number of clients/subnets/VLANs grows. So I recommend the solution below for your scenario.

    Since you have a Cisco L3 switch, you can use that switch to handle all the internal VLAN switching and routing.

    For internal VLAN restrictions you can create ACLs on the Cisco and create a default route to the SonicWall for the Internet traffic (as in the screenshot below).


    In the SonicWall, create a routing policy for all the VLANs, as in the screenshot below.
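
Worked example, added here and not taken from the thread, the screenshots referenced above, or any of the posters: the Cisco IOS side of the stub/transit-network design that Arkwright and Ajishlal describe, where the 3750 keeps routing VLANs 2, 5 and 10 and reaches the SonicWall over exactly one link. The single link is the point: in the original setup the firewall holds 192.168.5.0/24 as a directly connected network on X2, so an HR packet that the switch happens to forward up the X0 link arrives on the wrong interface and is dropped, which matches the packet-monitor result reported above. Everything not in the thread is an assumption: VLAN 99 and 10.99.99.0/30 as the transit network (switch .1, X0 .2), GigabitEthernet1/0/1 as the uplink port, a /24 mask for VLAN 10, and the ACL policy (HR may reach the servers and the Internet but not the general LAN).

```cisco
! Added example (not from the original thread). Cisco 3750 as the inter-VLAN
! router, with ONE uplink to SonicWall X0 through a transit VLAN.
! Assumed values: VLAN 99 / 10.99.99.0/30 (switch .1, SonicWall X0 .2),
! uplink port Gi1/0/1, /24 mask on VLAN 10. X2 is no longer used.
ip routing
!
vlan 2
 name LAN
vlan 5
 name HR
vlan 10
 name SERVERS
vlan 99
 name FW-TRANSIT
!
interface Vlan2
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan5
 ip address 192.168.5.1 255.255.255.0
 ! filter what HR hosts may send (applied inbound from the hosts)
 ip access-group HR-IN in
!
interface Vlan10
 ip address 192.168.10.1 255.255.255.0
!
interface Vlan99
 ip address 10.99.99.1 255.255.255.252
!
! The only path to the firewall: an access port in the transit VLAN.
! No VLAN 2 or VLAN 5 port goes to the SonicWall any more, so every packet
! reaches it on X0 and the "arrived on X0 instead of X2" drops cannot occur.
interface GigabitEthernet1/0/1
 description Uplink to SonicWall X0 (transit VLAN 99)
 switchport mode access
 switchport access vlan 99
 spanning-tree portfast
!
! Everything the switch has no route for (the Internet) goes to X0.
ip route 0.0.0.0 0.0.0.0 10.99.99.2
!
! Inter-VLAN restriction stays on the switch (assumed policy):
! HR -> servers allowed, HR -> general LAN denied, HR -> anything else
! (including the Internet via the default route) allowed.
ip access-list extended HR-IN
 permit ip 192.168.5.0 0.0.0.255 192.168.10.0 0.0.0.255
 deny   ip 192.168.5.0 0.0.0.255 192.168.1.0 0.0.0.255
 permit ip 192.168.5.0 0.0.0.255 any
```

On the SonicWall side this design needs three things: give X0 the transit address 10.99.99.2/30 in the LAN zone; remove the 192.168.5.0/24 address from X2 (or disable X2), otherwise the firewall keeps a connected route for HR on X2 that wins over any static route and the drops continue; and add one route policy per internal subnet (destination 192.168.1.0/24, 192.168.5.0/24 and 192.168.10.0/24, gateway 10.99.99.1, interface X0), which is the "routing policy for all the VLANs" the last answer refers to. The default LAN-to-WAN access rule and the default outbound NAT to the X1 IP then cover all three subnets, because they enter the firewall on X0. One caveat: the IOS ACL is stateless, so it cannot express "HR may answer the LAN but not initiate to it"; if that kind of inter-VLAN policy is required, the trunk-to-X0 design from TKWITS, where every inter-VLAN packet crosses the stateful firewall, is the better fit, and as Arkwright says, pick one of the two designs rather than mixing them.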

