Menu

Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Sign In Register
Options

TZ400 adding 2nd subnet to LAN X0

radimanradiman Newbie ✭
in Entry Level Firewalls

We have a basic flat network at a small site, X0 LAN is 10.10.1.x, /24, with Sonicwall doing DHCP for this subnet. We have some equipment that is being installed and it needs to be a static IP, on a separate subnet, but still be able to access the Internet through the same switches that serve the X0 LAN. I just want to setup this 2nd subnet on the X0 interface and then statically assign the IP addresses needed. No DHCP for this new subnet is needed.

The closest document I have found is this:

https://www.sonicwall.com/support/knowledge-base/how-can-i-configure-secondary-subnet-on-lan-interface-for-firewall-management-purpose/170505978271633/

Will this work, with the only change being instead of just management being available from the 2nd subnet, we want all traffic, as well as Internet access, by changing it to "All" for the service?

That way, I can manually assign the static IP if 10.10.2.10, for example to the machinery and have it access the internet still.

Thanks for the assist.

Category: Entry Level Firewalls
Reply
Tagged:

Answers

  • Options
    MarkDMarkD Cybersecurity Overlord ✭✭✭

    VLANs with Layer 2 capable switches and a sub interface on the SonicWALL

  • Options
    radimanradiman Newbie ✭

    Thank MarkD but this is not currently an option for us. Having to replace network switches, configuring VLANs, etc. is not in the cards. While this would be ideal if A)we had the proper equipment, B)time, C)Resources, we just need to have a second subnet added for a couple of machines on the shop floor.

  • Options
    IT_BrianIT_Brian Newbie ✭

    No, what you are asking needs a L2/L3 switch to do what you want. Even with subinterfaces on the X0 you still needs someone to add and strip the VLAN tags.

  • Options
    ArkwrightArkwright All-Knowing Sage ✭✭✭✭

    Will this work, with the only change being instead of just management being available from the 2nd subnet, we want all traffic, as well as Internet access, by changing it to "All" for the service?

    Have you tried?

  • Options
    WBHTZ270WBHTZ270 Newbie ✭
    edited April 6

    I have the same problem, and I have tried the setup in that KB article. It did not work for me. I have asked this same question, (sorry didn't see this thread) here:

    https://community.sonicwall.com/technology-and-support/discussion/5939/second-lan-subnet-configuration

    I've tried the packet monitor, and with the NAT external set to xx.xx.xx.98 and internal to 192.168.101.x the packets are dropped.

  • Options
    James_HJames_H Newbie ✭

    We set up something very similar and it worked great, but we had to use a switch that could tag/untag. We had our internal on a 192.168.15.0/24, our printers on 16.0/24, and our guest offices on 17.0/24. All on X0. We were able allow access to the printers to the guests and the internal users this way without allowing the guests on our internal network. They were able to use the internet without issue as well.

    Look up Aruba InstanOn switches. They are affordable and can handle that traffic. Some will hate on them, but they would work great for what your trying to do and you won't need to learn a terminal language to program them.

  • Options
    Overflow2021Overflow2021 Newbie ✭
    Your only other option, keeping the unmanaged switches would be to use a 2nd interface on the Sonicwall, but you'd have to use separate switches.
  • Options
    ArkwrightArkwright All-Knowing Sage ✭✭✭✭

    but you'd have to use separate switches.

    No, he wouldn't. He doesn't need DHCP in this second network, so having two L3 networks in one L2 network will work, even if it's not the "prettiest" solution.

Sign In or Register to comment.