Looking for an approach to revamping network and SonicWall settings
A client is completely renovating his office and I am planning a complete network refresh.
Unfortunately, I don't have a "test" version of his TZ670 (7.0.1) to use to pre-build the changes.
Existing LAN on X1 is 192.168.1.xyz and flat; the back-office LAN is on X2, and Wi-Fi is on X3 via HPE Aruba Instant On with no managed switches. DHCP is on Windows Server for LAN and firewall for X2 and X3.
Looking to have LAN on X1 in 192.168.100.abc, with VLAN for back-office, VLAN for camera system, and another VLAN for VOIP, all with HPE Aruba Instant On managed switches.
Can anyone recommend a reasonable way in which to stand up this new network on the firewall so I can activate it during implementation weekend?
First time I'm encountering this situation and I'm stumped.
Best Answers
TKWITS Community Legend ✭✭✭✭✭
The way I do most cutovers is set everything up (or as close to everything as possible) ahead of time and leave the bare minimum to the day of.
Usually day of cutover involves changing a few IPs, adding a few routes, DHCP/IP Helper adjustments, changing a few cables around, etc.
In your case, I'd build out the Zones, VLANs, Access Rules ahead of time using unused subnets and plan out the cabling changes. Day of would be cabling changes, deleting unneeded interfaces, and changing subnets on the VLANs.
2
Arkwright Community Legend ✭✭✭✭✭
Do you have any spare SonicWalls at all? If so, pre-build the config and use the migration tool to migrate it to the TZ670.
The alternative is to use the CLI, but even then, if you're not already well familiar with the CLI config format then you would still need a spare firewall to test the config elements you've created.
2
Larry All-Knowing Sage ✭✭✭✭
The solution will be a combination of both your replies.
I have just obtained a TZ470 for a client and will use that: migrate TZ670 settings to TZ470, update them, export them - migrate when turnover day occurs. Factory refresh TZ470 and set up settings according to site's requirements.
Thanks!
0
Answers
"Missed it by that much!" - M. Smart
You trust the migration tool?!
Yes, to get the basic information of all address objects and groups and the basic miscellany correctly copied over.
I'm certainly in no mood to stand it up from scratch despite the SOPs that detail all of the above.
The ability to have an almost production-ready file for implementation (and clean up any errors) far exceeds the time spent manually putting this together. Of course, I could be wrong…
I've used the migration tool many times to do gen6-gen7 migrations and cannot recall any specific issues caused by the tool.