Subnets on an existing interface (x0)
skunkworks
Newbie ✭
Some background. we have 1 large network and with our previous router we had one interface that did all the routing between 4 subnets (192.168.1.1->192.168.3.255) We bought the sonicwall tz500 and had a outside service come in and set it up. They used 3 interfaces hooked into our network to setup the 3 subnets. This seems to work ok except now all traffic has to go through the router if it is between subnets. This limits the data to < 1gb as the nics in the firewall are all 1gb. (instead of routing directly on our network)
My question is - can I setup our sonicwall interface (x0) to have a larger subnet mask? say 22?
So I would get rid of the 2 other interfaces (set to unassigned)
then have the nic set to
ip
192.168.0.1
subnet
255.255.252.0 = 22
Then (I think) any traffic would be routed directly between computers/servers when on different subnets instead of the traffic having to actually travel through the sonic wall router interfaces when between subnets.
Best Answer
-
CORRECT ANSWER
shiprasahu93
Moderator
Hello @skunkworks,
Welcome to SonicWall community.
You can certainly change the subnet mask on the X0 interface and use the X0 IP as the default gateway on all machines in 192.168.0.0/22 subnet. You are right, once you make this change, the communication will directly take place through the switch and will not be sent to the firewall within 192.168.1.1->192.168.3.255.
Since, you have sub-interfaces at the moment, please be mindful on the existing VLANs and you might need to get rid of them for this new set up. Also, if there are any static IP assignments, you would need to change the subnet mask on those machines.
Note: Moving this question to Entry level firewalls for better results.
I hope this helps! Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services
5
Answers
Please use the IP address assigned on the X0 interface as the gateway on all devices.
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services
One last question I think...
I have 2 Tz500 that are normally setup in HA. The main one got struck by lightning and we have a replacement in hand. I am playing with the replacment (setting it up as above) and so far so good. I would like to hook it up to the internet and make sure everything else is working but am worried about the licencing - ie - I don't want it to get confused and somehow disable our current firewall.
Is it safe to play with on a separate network/internet for testing? The plan is then to switch over to the replacment and set our current one as backup.
thanks!
sam
@skunkworks,
The primary and secondary devices are selected when purchased. So, if the primary device is being replaced, then all licensing info will be transferred from the older device to the replacement unit.
If HA is still configured on this box, then it will just assume that the other unit is down and function as usual. Even if HA is turned OFF, once you receive the replacement, you can export the settings from this unit and import it on the other one and that then set up HA.
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services