Multiple LAN interfaces on subnet with different IPs

I have an old TZ205 being retired. The subnet is 10.2.2.x and the TZ205 is 10.2.2.1. This TZ205 is being replaced by an NSA3650 as part of a larger project. One interface on the NSA3650 is already set as 10.2.2.2, and has taken over DHCP for the subnet, pointing at itself (10.2.2.2) as the default gateway.

There are devices (non-PC) scattered through the 2mm SqFt building with static IPs on 10.2.2.x pointed at gateway 10.2.2.1. These will all be removed over the next ten months, but that's a long time. I'd like to use an additional interface on the NSA3650 and assign it 10.2.2.1. That would allow me to remove the TZ205, route everything through the NSA3650, and when there is no traffic going to 10.2.2.1, I can eliminate that interface.

Can this be done?

Thanks!

Category: Mid Range Firewalls

Answers

  • Saravanan Moderator

    Hi @RICHSKI,

    Thank you for contacting SonicWall Community.

    As per your description, you wanted to use the same subnet on two different interfaces of the NSa 3650. Unfortunately, we cannot use the same subnet on two different firewall interfaces directly because of the design, and you get an error as shown below in the KB article.

    There is a way that this requirement of yours could be accomplished. You can use the portshielding feature on the firewall for this purpose. The portshielding feature on the firewall lets you use the same subnet on two different interfaces, where one of the ports acts as a switch port to the other subnet-configured interface. Please take a look at the below web-link for portshield understanding. One tricky part to this portshield usage in your scenario is that you have to change the default gateway on the non-PC devices to the NSa 3650's IP address 10.2.2.2. If the non-PCs are capable of getting DHCP addresses, then this manual effort of changing the default gateway is not needed.

    Hope this answers. Please let us know if any questions/clarifications.

    Have a good one.

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • RichSki Newbie ✭

    Thank you for the response. I had looked at PortShield and had hoped it allowed two different IP addresses on the same subnet, but it does not. It seems that I can't accomplish what I'm trying to do using only the NSA3650. I can leave the TZ205 operating as 10.2.2.1 until the last device using that gateway is retired. It's not terrible, just not as clean as migrating everything to the NSA3650.

  • Saravanan Moderator

    Hi @RICHSKI,

    Portshield allows us to utilize the port in switch mode to use a single subnet since the logic is layer 2. This is by design of all SonicWall boxes. Luckily, if there is a situation where you are allowed to make changes, please try the suggestion offered in the previous comment.

    Have a good day!!!

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • preston All-Knowing Sage ✭✭✭✭

    You can achieve this using Port Shield mode and by creating a static ARP for the IP address 10.2.2.1 (published to the same interface as the one with the 10.2.2.2). It won't be pingable and you can't do port forwarding to it, but you can use it as a gateway address, and it does work to access the internet and other internal devices.

    So in my scenario, my X0 is 192.168.2.1 and X4 is portshielded to X0. I have set up a static ARP for 192.168.2.20 published to X0 and have a PC directly connected to X4 using the gateway of 192.168.2.20, browsing the internet and RDPing to another PC on the LAN.

  • SavyAdmin Newbie ✭

    Thanks PRESTON, your solution worked like a charm!