PortShield in High Availability - SonicOS 6.5.4

I currently have two NSa 6650s in HA and I want to configure a PortShield group so I can upgrade my internal connection bandwidth and utilize the 10 Gbps SFP+ ports. I run into an issue creating a PortShield group since we use HA. Is there an alternative? I have over 175 VPN tunnels and many, many NAT rules that use interface subnets as their address objects. I'd rather not re-program all of that if I can avoid it.

This thread had a similar issue, but is running 7.x:

https://community.sonicwall.com/technology-and-support/discussion/5542/alternative-to-portshield-for-high-availability#Form_Comment

Category: Mid Range Firewalls

Best Answer

  • Arkwright, Community Legend ✭✭✭✭✭

    You can override this in /diag.html but I assume there has to be a reason why it gets disabled by default.

    This is an interesting article [although much is implied rather than explicitly stated] - it suggests enabling PortShield before enabling HA and it will work.

    https://www.sonicwall.com/support/technical-documentation/docs/sonicos-7-0-0-0-switch_network/Content/Configuring_Topologies/configuring-ha-common.htm

    May not be relevant to SonicOS 6 though.

    "many many nat rules that use interface subnets as their address objects"

    Zones. Use Zones. Using Zones means that you can add/remove interfaces from Zones without having to spend too much time worrying about rules.
