LAN Network Communication help

alijan125 · August 20

Hello I am working in an environment where I have Sonic wall Tz670 in which there are three networks configured as given under:

X0= 10.1.52.

X2=10.140.70.

X6=10.141.70.

while I have two interfaces for Internet.

I have few cisco switches installed of model Cisco Catalyst 4948 48 Ports RJ45 & 4 SFP Ports. I am new there also my senior told me there is no any configuration done in cisco switches all traffic is going through sonic wall. My Question is that how these three networks are communicationg with default configuration of cisco switches there is no any vlan. Please help. My senior told all communication is done by Sonic while I found there is no any dynamic routing and vlan management in sonic wall and there is no zone creation all networks all zones X0,X2,X6 are default LAN Zone and in Group there is N/A so how these networks are communicating. I have checked any network client i.e belongs to 10.1.52. OR 10.140.70. OR 10.141.70. can ping and access sonic wall

TKWITS · August 21

I need clarification.

A simple diagram:

PC ethernet < - > Cisco switch #1 < - > Sonicwall port X0 (IP: 10.1.52.200)

If the PC is configured with an IP (IP: 10.1.52.10) on the same subnet as X0 the PC will be able to access the Sonicwall using its X0 IP address (IP: 10.1.52.200).

Without changing the above diagram, are you asking if you reconfigure the PC with an IP of 10.140.70.10, will it be able to access the Sonicwall using its X0 IP address (IP: 10.1.52.100)?

TKWITS · August 20

Assuming your 'senior' isn't pulling your leg: its a 'flat' network meaning all subnets and traffic reside on the default VLAN.

Routes to each individual subnet are auto-added because an interface on the subnet exists on the firewall. Since all of the interfaces are in the same zone, all of the default access rules will allow traffic between subnets and to the firewall.

I always suggest looking at configs yourself or asking for a copy of a config of a device.

alijan125 · August 20

Can I see auto-added routes? I agree with you all interfaces are on same LAN Zone but network subnets like 10.1.52. 10.140.70. & 10.141.70. are different. Secondly If I would like to see default rules of these subnets which allow communication what should I do?Sir

alijan125 · August 20

Is this good sign regarding Security in such flat network? because I can give any IP of any three said networks to access the resources. I can not protect any resource within the lan in this environment

Arkwright · August 20

Yes, auto-added routes will be showing in the Routing Rules list, they will be orange to indicate that they are default.

If they are all in LAN zone, then look at access rules LAN > LAN and bear in mind that by default, no access controls are applied intra-zone.

alijan125 · August 20

I checked in default Rules

I have sent you default access rules LAN to LAN kindly tell me which rule allowing communication between the said three subnets

alijan125 · August 20

I checked the Auto addess route rules sending you please tell me which rule allowing said three subnets to communicate

TKWITS · August 20

All of the information you are looking for is in the screenshots you've attached.

"Is this good sign regarding Security in such flat network? because I can give any IP of any three said networks to access the resources. I can not protect any resource within the lan in this environment"

You've already answered your own question.

alijan125 · August 20

Sir what do you think about such flat network may be the reason as we have many branch Offices connected through site to site VPN with installed sonic wall in each branch. What's your suggestions if I configure vlan in my head office where tz670 installed to avoid one broadcast domain & secure but what's your idea is this network (vlan) may create hindrances in accessing branches

TKWITS · August 20

When making any major change to a network you must try to address all variables and situations. I suggest the following steps for all projects, large or small, network or otherwise.

Assess and understand what is currently in place.

Plan changes based on the assessment. Plan for the best and worst scenarios you may encounter. Plan how you could test the changes with little to no interruption to operations.

Test the changes based on the plan you created.

Adjust your plan based on the testing.

Implement the plan, troubleshoot and resolve issues.

Review how the project went. Determine if there were items missed or if there was something that could've been done better.

alijan125 · August 21

Thanks sir for helping me. I would like to ask Query that how can I identify which subnet's IP can be configured on any client who is connected in our lan. For example we have 3 subnets

10.1.52.0
10.140.70.0
10.141.70.0

How can I differentiate that which subnet's IP should I assign in clients computer to access the resources

alijan125 · August 21

While we have few Cisco switched of model 4948 48 ports with default configuration it's my last Query sir if you please help with diagram I would be great full to you

Arkwright · August 21

I don't know if you're familiar with how peer-support forums work, but what they are not for is getting people to do your job for you. Asking someone to do a diagram of your network is, IMO, beyond the scope of a forum post.

TKWITS · August 21

"How can I differentiate that which subnet's IP should I assign in clients computer to access the resources"

You'll have to test that yourself. Connect a PC to each of the subnets you listed and test what access you have. This would be part of an assessment phase.

It seems to me you are not a native english speaker and are using a translation tool, which may use words a native speaker wouldn't use, so I don't think you are expecting a diagram from a user on a forum.

alijan125 · August 21

Sorry Sir my English is weak. My Question is very simple we have 3 interfaces configured on my sonic wall

X0: 10.1.52.200
X2:10.140.70.1
X6:10.141.70.1

All cables connected from the above sonic wall to different Cisco catalyst switches 4948 series. My Question was that if X0:10.1.52.1 connected to one Cisco catalyst switch 4948 which is 48 port switch say for example I connected X0 to 1st port of switch & I connected my PC to second port and assigning IP address 10.1.52.10
SM: 255.255.255.0
Ga:10.1.52.1

I am able to access Sonic 10.1.52.200. I have confusion that If I configure the same PC with
10.140.70.10
255.255.2550
10.140.70.1
I mean if I use IP address of X2 subnet on PC would I be able to access Sonic because as I understand all these three subnets belongs to same LAN Zone & are allowed in default route rules & default access rules as shown in above screenshots. Please clear this confusion sir it's my last Query for this discussion thanks

alijan125 · August 21

IP address 10.1.52.10
SM: 255.255.255.0
Ga:10.1.52.200

Gateway is 10.1.52.200
Sorry I mistyped

Arkwright · August 21

I mean if I use IP address of X2 subnet on PC would I be able to access Sonic

No, that should only work if the PC is in the switch that is connected to X2. Zones are a way of managing access rules across multiple similar interfaces. They don't let you just use an IP from any network in a different network that happens to be in the same zone.

alijan125 · August 21

that should only work if the PC is in the switch that is connected to X2.

Really thankful to you sir I got the answer that was my big confusion God bless you sir

alijan125 · August 21

Without changing the above diagram, are you asking if you reconfigure the PC with an IP of 10.140.70.10, will it be able to access the Sonicwall using its X0 IP address (IP: 10.1.52.100)?

Yes Sir this PC is connected in the same port would I be able to access Sonic wall if I configure the IP address of PC with X2 subnet i.e 10.140.70.10

Join the Conversation

LAN Network Communication help

Best Answer

Answers