
TZ570 + Layer 2 Bridge Mode, Port Forwarding for VPN

Hello World and Good Evening All


I ran into a problem I can't quite figure out, any input would be greatly appreciated.


Background:

SMB Setup, Block of Static IP Address, External Users connect to DMZ VPN Server.

Primary Router: Cisco RV325, Assigned Public IP Address .100

DMZ Setup on RV325, for External Employees VPN, Assigned Public IP Address .101


SonicWall TZ570 Installed, X1 (WAN PORT - ISP) VPN, Assigned Public IP Address .103

Layer 2 Bridge Enabled, X2 BRIDGED TO X1 (LAN ZONE), Connecting to RV325 WAN Port


Beforehand, with just the Cisco RV325 acting as the firewall and router, I was able to use Port Forwarding to send the traffic on specified ports to the internal IP address for this to function properly.


I can ping the SonicWall TZ570, the Cisco RV325 Router AND the DMZ Server... but packets will not go through for VPN connection to be established. If I remove the SonicWall from the equation everything goes back to operating just as smoothly as before.

I've gone through a handful of tutorial videos and continue the hunt for the right answer, but what I am trying to figure out is how to get the Layer 2 Bridge mode to allow packets across the interface.


Again, any help would be greatly appreciated.


Thank you.

Category: Mid Range Firewalls

Answers

  • TKWITS (Community Legend)

    I know I'm asking for it, but why are you using two firewalls for this?

  • It's not an odd question, I'll admit it's a little unorthodox, all things considered.

    I'm familiar with Cisco devices, not so much with SonicWall these days -- the RV325 hosts the DMZ and manages the subnets for the network. The added SonicWall device configured with the Layer 2 Bridge was meant to increase security since we're adding direct access with a mobile app to a backend SQL server. The RV325 doesn't allow for SPI or any of the protection services that the SonicWall does.


    Honestly, if I could just figure out how to port forward across the interfaces... that would be wonderful. Since I can ping the server sitting on the DMZ, I know the network connectivity is there; it's just getting the specific ports to allow traffic through.

  • TKWITS (Community Legend)

    My point was more so that the RV325 is essentially EOL already; you might as well consider migrating to the SonicWall.

    Can you throw together a diagram for us? And maybe a screenshot of the interfaces page of your TZ570?

  • If I were more familiar with the platform, I might -- worked with support for two hours earlier and, after utilizing packet capture, I had a zone set for the wrong classification. Without the specification of the proper zone, it was getting caught by the implicit deny that is on the device by default. I will paste some screenshots here shortly of how it was taken care of. I honestly need to take a SonicWall Cert course.

  • TKWITS (Community Legend)

    "X2 BRIDGED TO X1 (LAN ZONE)" I had a feeling this was a typo but shouldn't have assumed. The zone assignment is important.

    See my last comment here: https://community.sonicwall.com/technology-and-support/discussion/comment/10869

    The best thing to do for learning, IMO, is to use the device. You have multiple static public IPs; set up a test environment on one of them. SonicWall's KB articles have plenty of answers in them.
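As an added illustration of the outcome reported in this thread (not code from SonicWall or from any of the posters): a small model of zone-based access-rule evaluation with an implicit deny at the end. Zones are derived from the interface a packet enters and the interface it must leave on, rules are checked first-match, and anything unmatched is dropped. The interface-to-zone mapping, the zone names, the assumption that the VPN is IPsec (UDP 500 for IKE and UDP 4500 for NAT-T) and the rule set are all constructed for the example; the thread only says a bridged interface had the wrong zone classification and traffic hit the default implicit deny until that was corrected. The model also shows why ping can succeed while the VPN ports are silently dropped: an ICMP allow exists for both zone pairs, but the VPN allow rules are written only for the intended zone pair.

```python
"""Simplified zone-based access-rule evaluator with implicit deny.

Constructed illustration, not SonicWall code. Zone names, ports, rules and
the interface-to-zone mapping are assumptions made for the example.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Packet:
    in_iface: str    # interface the packet arrives on
    out_iface: str   # interface it must leave on to reach the destination
    proto: str       # "udp", "tcp" or "icmp"
    dst_port: int    # 0 for icmp


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    proto: str
    dst_port: int
    action: str      # "allow" or "deny"


def evaluate(pkt: Packet, iface_zone: Dict[str, str], rules: List[Rule]) -> Tuple[str, str]:
    """Return (action, reason) for one packet.

    The source zone is the zone of the ingress interface, the destination zone
    is the zone of the egress interface. Rules are evaluated first-match; a
    packet that matches nothing falls through to the implicit deny.
    """
    src_zone = iface_zone.get(pkt.in_iface)
    dst_zone = iface_zone.get(pkt.out_iface)
    if src_zone is None or dst_zone is None:
        return ("deny", f"unclassified interface pair {pkt.in_iface}->{pkt.out_iface}")
    for r in rules:
        if (r.src_zone, r.dst_zone, r.proto, r.dst_port) == (src_zone, dst_zone, pkt.proto, pkt.dst_port):
            return (r.action, f"matched {src_zone}->{dst_zone} {pkt.proto}/{pkt.dst_port}")
    return ("deny", f"implicit deny: no rule for {src_zone}->{dst_zone} {pkt.proto}/{pkt.dst_port}")


# Assumed VPN type: IPsec, so IKE on UDP 500 and NAT-T on UDP 4500.
VPN_PORTS = [("udp", 500), ("udp", 4500)]

# Constructed rule set: ping is allowed to both candidate zones, but the VPN
# allow rules are written only for WAN->DMZ, the zone the server should be in.
RULES = [
    Rule("WAN", "DMZ", "icmp", 0, "allow"),
    Rule("WAN", "LAN", "icmp", 0, "allow"),
    Rule("WAN", "DMZ", "udp", 500, "allow"),
    Rule("WAN", "DMZ", "udp", 4500, "allow"),
]

# X1 faces the ISP; X2 is bridged to X1 and leads to the VPN server.
# Constructed "before" (wrong zone) and "after" (corrected zone) mappings.
WRONG_ZONES = {"X1": "WAN", "X2": "LAN"}
RIGHT_ZONES = {"X1": "WAN", "X2": "DMZ"}


def check_vpn_ports(iface_zone: Dict[str, str]) -> Dict[str, str]:
    """Report the verdict for each VPN port arriving from the Internet on X1."""
    return {
        f"{proto}/{port}": evaluate(Packet("X1", "X2", proto, port), iface_zone, RULES)[0]
        for proto, port in VPN_PORTS
    }


def ping_allowed(iface_zone: Dict[str, str]) -> bool:
    """True if an ICMP echo from X1 towards X2 is permitted."""
    return evaluate(Packet("X1", "X2", "icmp", 0), iface_zone, RULES)[0] == "allow"


if __name__ == "__main__":
    for label, zones in (("wrong zone", WRONG_ZONES), ("corrected zone", RIGHT_ZONES)):
        print(label, "ping:", ping_allowed(zones), "vpn:", check_vpn_ports(zones))
        for proto, port in VPN_PORTS:
            print("   ", evaluate(Packet("X1", "X2", proto, port), zones, RULES)[1])
```

Run it as a script to see both the verdict and the reason string; the reason is what a packet capture on the firewall surfaces as the drop cause, which is how the poster found the misclassified zone.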
