
LAN Network Communication help

Hello, I am working in an environment where I have a SonicWall TZ670 on which three networks are configured as follows:

X0= 10.1.52.

X2=10.140.70.

X6=10.141.70.

while I have two interfaces for Internet.

I have a few Cisco switches installed, model Cisco Catalyst 4948 with 48 RJ45 ports and 4 SFP ports. I am new there, and my senior told me there is no configuration done on the Cisco switches; all traffic is going through the SonicWall. My question is: how are these three networks communicating with the default configuration of the Cisco switches, when there is no VLAN? Please help. My senior told me all communication is done by the SonicWall, while I found there is no dynamic routing or VLAN management on the SonicWall and no zone creation; all networks X0, X2, X6 are in the default LAN zone and in Group there is N/A, so how are these networks communicating? I have checked that any network client that belongs to 10.1.52., 10.140.70. or 10.141.70. can ping and access the SonicWall.

Category: Mid Range Firewalls

Best Answer

  • TKWITS Community Legend ✭✭✭✭✭

    I need clarification.

    A simple diagram:

    PC ethernet < - > Cisco switch #1 < - > Sonicwall port X0 (IP: 10.1.52.200)

    If the PC is configured with an IP (IP: 10.1.52.10) on the same subnet as X0 the PC will be able to access the Sonicwall using its X0 IP address (IP: 10.1.52.200).

    Without changing the above diagram, are you asking if you reconfigure the PC with an IP of 10.140.70.10, will it be able to access the Sonicwall using its X0 IP address (IP: 10.1.52.100)?

Answers

  • TKWITS Community Legend ✭✭✭✭✭

    Assuming your 'senior' isn't pulling your leg: it's a 'flat' network, meaning all subnets and traffic reside on the default VLAN.

    Routes to each individual subnet are auto-added because an interface on the subnet exists on the firewall. Since all of the interfaces are in the same zone, all of the default access rules will allow traffic between subnets and to the firewall.

    I always suggest looking at configs yourself or asking for a copy of a config of a device.

  • alijan125 Newbie ✭

    Can I see the auto-added routes? I agree with you that all interfaces are in the same LAN zone, but the network subnets 10.1.52., 10.140.70. and 10.141.70. are different. Secondly, if I would like to see the default rules of these subnets which allow communication, what should I do, sir?

  • alijan125 Newbie ✭

    Is this good sign regarding Security in such flat network? because I can give any IP of any three said networks to access the resources. I can not protect any resource within the lan in this environment

  • Arkwright Community Legend ✭✭✭✭✭

    Yes, auto-added routes will be showing in the Routing Rules list, they will be orange to indicate that they are default.

    If they are all in LAN zone, then look at access rules LAN > LAN and bear in mind that by default, no access controls are applied intra-zone.

  • alijan125 Newbie ✭

    I checked in the default rules.

    I have sent you the default access rules, LAN to LAN. Kindly tell me which rule is allowing communication between the said three subnets.

  • alijan125 Newbie ✭

    I checked the auto-added route rules and am sending them to you. Please tell me which rule is allowing the said three subnets to communicate.

  • TKWITS Community Legend ✭✭✭✭✭

    All of the information you are looking for is in the screenshots you've attached.

    "Is this good sign regarding Security in such flat network? because I can give any IP of any three said networks to access the resources. I can not protect any resource within the lan in this environment"

    You've already answered your own question.

  • alijan125 Newbie ✭

    Sir, what do you think about such a flat network? Maybe the reason is that we have many branch offices connected through site-to-site VPN, with a SonicWall installed in each branch. What is your suggestion if I configure VLANs in my head office, where the TZ670 is installed, to avoid one broadcast domain and to secure it? And what is your view: might this network (VLAN) create hindrances in accessing the branches?

  • TKWITS Community Legend ✭✭✭✭✭

    When making any major change to a network you must try to address all variables and situations. I suggest the following steps for all projects, large or small, network or otherwise.

    Assess and understand what is currently in place.

    Plan changes based on the assessment. Plan for the best and worst scenarios you may encounter. Plan how you could test the changes with little to no interruption to operations.

    Test the changes based on the plan you created.

    Adjust your plan based on the testing.

    Implement the plan, troubleshoot and resolve issues.

    Review how the project went. Determine if there were items missed or if there was something that could've been done better.

  • alijan125 Newbie ✭

    Thanks, sir, for helping me. I would like to ask how I can identify which subnet's IP can be configured on any client that is connected to our LAN. For example, we have 3 subnets:

    10.1.52.0
    10.140.70.0
    10.141.70.0

    How can I differentiate that which subnet's IP should I assign in clients computer to access the resources
  • alijan125 Newbie ✭

    We have a few Cisco switches, model 4948 with 48 ports, with default configuration. It's my last query, sir; if you could please help with a diagram I would be grateful to you.

  • Arkwright Community Legend ✭✭✭✭✭

    I don't know if you're familiar with how peer-support forums work, but what they are not for is getting people to do your job for you. Asking someone to do a diagram of your network is, IMO, beyond the scope of a forum post.

  • TKWITS Community Legend ✭✭✭✭✭

    "How can I differentiate that which subnet's IP should I assign in clients computer to access the resources"

    You'll have to test that yourself. Connect a PC to each of the subnets you listed and test what access you have. This would be part of an assessment phase.

    It seems to me you are not a native English speaker and are using a translation tool, which may use words a native speaker wouldn't use, so I don't think you are expecting a diagram from a user on a forum.

  • alijan125 Newbie ✭

    Sorry, sir, my English is weak. My question is very simple. We have 3 interfaces configured on my SonicWall:

    X0: 10.1.52.200
    X2:10.140.70.1
    X6:10.141.70.1

    All cables are connected from the above SonicWall to different Cisco Catalyst 4948 series switches. My question was: if X0:10.1.52.1 is connected to one Cisco Catalyst 4948, which is a 48-port switch, say for example I connect X0 to the 1st port of the switch and my PC to the second port, assigning IP address 10.1.52.10
    SM: 255.255.255.0
    Ga:10.1.52.1

    I am able to access the SonicWall at 10.1.52.200. My confusion is: if I configure the same PC with
    10.140.70.10
    255.255.255.0
    10.140.70.1
    I mean if I use IP address of X2 subnet on PC would I be able to access Sonic, because as I understand all these three subnets belong to the same LAN zone and are allowed in the default route rules and default access rules, as shown in the above screenshots? Please clear up this confusion, sir. It's my last query for this discussion, thanks.

  • alijan125 Newbie ✭

    IP address 10.1.52.10
    SM: 255.255.255.0
    Ga:10.1.52.200

    Gateway is 10.1.52.200
    Sorry I mistyped
  • Arkwright Community Legend ✭✭✭✭✭

    "I mean if I use IP address of X2 subnet on PC would I be able to access Sonic"

    No, that should only work if the PC is in the switch that is connected to X2. Zones are a way of managing access rules across multiple similar interfaces. They don't let you just use an IP from any network in a different network that happens to be in the same zone.
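
The point made in the answers above (connected routes are added per interface, LAN > LAN traffic is allowed by default, but a client address only works on the segment that owns its subnet) can be modelled as follows. This is an added example, not part of the original thread and not SonicOS logic: the function names `egress_interface` and `reach` are hypothetical, and the /24 masks on X2 and X6 are assumed because the thread only gives 255.255.255.0 for the X0 client.

```python
import ipaddress

# Interface IPs are from the thread. The /24 on X2 and X6 is an assumption;
# the thread only gives 255.255.255.0 for the client on X0.
INTERFACES = {
    "X0": ipaddress.ip_interface("10.1.52.200/24"),
    "X2": ipaddress.ip_interface("10.140.70.1/24"),
    "X6": ipaddress.ip_interface("10.141.70.1/24"),
}
ZONE = {"X0": "LAN", "X2": "LAN", "X6": "LAN"}
# Per the thread: the default access rules permit LAN > LAN traffic.
ALLOWED_ZONE_PAIRS = {("LAN", "LAN")}


def egress_interface(dst_ip):
    """Pick the port whose connected (auto-added) route covers dst_ip."""
    dst = ipaddress.ip_address(dst_ip)
    for name, iface in INTERFACES.items():
        if dst in iface.network:
            return name
    return None  # no connected route; WAN/default routes are out of scope


def reach(attached_to, pc_ip, gateway, dst_ip):
    """Simplified model: can a PC cabled to `attached_to`'s switch reach dst_ip?"""
    port = INTERFACES[attached_to]
    pc, dst = ipaddress.ip_address(pc_ip), ipaddress.ip_address(dst_ip)
    # The zone is irrelevant here: the PC must sit in the subnet of the port
    # its switch is cabled to, otherwise nothing on that segment answers it.
    if pc not in port.network:
        return False, f"{pc_ip} is not in {attached_to} subnet {port.network}"
    if dst in port.network:
        return True, "on-link, no routing needed"
    if ipaddress.ip_address(gateway) != port.ip:
        return False, f"gateway {gateway} is not {attached_to}'s IP {port.ip}"
    out = egress_interface(dst_ip)
    if out is None:
        return False, f"no connected route to {dst_ip}"
    if (ZONE[attached_to], ZONE[out]) not in ALLOWED_ZONE_PAIRS:
        return False, f"{ZONE[attached_to]} > {ZONE[out]} denied"
    return True, f"routed {attached_to} -> {out}"


if __name__ == "__main__":
    for case in [("X0", "10.1.52.10", "10.1.52.200", "10.1.52.200"),
                 ("X0", "10.140.70.10", "10.140.70.1", "10.1.52.200"),
                 ("X0", "10.1.52.10", "10.1.52.200", "10.141.70.25")]:
        print(case, reach(*case))
```

Removing `("LAN", "LAN")` from `ALLOWED_ZONE_PAIRS`, or placing X2 and X6 in separate zones, shows how segmenting the flat network would stop the third case from succeeding.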

  • alijan125 Newbie ✭

    "that should only work if the PC is in the switch that is connected to X2."

    Really thankful to you, sir. I got the answer; that was my big confusion. God bless you, sir.

  • alijan125 Newbie ✭

    "Without changing the above diagram, are you asking if you reconfigure the PC with an IP of 10.140.70.10, will it be able to access the Sonicwall using its X0 IP address (IP: 10.1.52.100)?"

    Yes, sir, this PC is connected to the same port. Would I be able to access the SonicWall if I configure the IP address of the PC with the X2 subnet, i.e. 10.140.70.10?