Deploying 2 SNWL Switches and Firewall in HA Mode
Hi,
I try to setup a NSa 2650 cluster alongside with 2 SonicWall 48 Port PoE Switches. I found a KB article (see below) which describes this setup. The article seems to miss an important configuration step. There is no explanation on how to configure the IP addresses of the Firewall Interfaces X2 and X3 to which the Switches are connected. The KB shows that both switches have an IP address in the same network .. but as we are using two different Firewall interfaces I have not found a way to configure this ...
Has anyone done such a config before and has the sample config / screenshots how to configure this ...
Boris
Answers
Hello @SGTGMFJL,
Thank you for bringing that to our attention. You are right X2 and X3 interfaces should be on separate IP schemes.
This has been passed on to the KB team and the article has been updated.
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services
Hi Shipra,
thanks for your answer (BTW .. you need to correct the Switch getting started guide to not just the KB .. We had figured this out by ourselfs ... BUT ... even if you configure this with two different IP networks you still cannot set this up as a managed switch.
If you start to configure VLANs that should be on the trun port of the firewall that is connected to the switch you need to have separate VLANs on each of the trunk ports ... so as a simple example
You want to setup 2 different VLANs for two cloud managed APs and you want redundancy, connecting one AP to one switch and the other AP to the second switch you need you have to create 4 different VLANs (and networks) as you cannot have the same VLAN name and IP network on two different firewall interfaces ...
So to my understanding ... this has never been tested/configured before, or the is some "secret" switch that we do not know, or this is intended by design (which I do not hope) ...
Best regards
Boris
Hi Shipra,
one more addition ... the KB article talks about Portshield ... in a Firewall HA setup Portshield is disabled by default and has to be enabled via the Diag page ... (this is something that should be mentioned in the KB) as well as the configuration of the Firewall interfaces in the first place ... the KB should provide a complete picture and should include all the necessary steps for the configuration and not just snippets ...
Boris
Hi @SGTGMFJL ,
Just thought you should know that we are seeing the SWS14-48POE 10.0.0.2 briefly Unstable connected to an NSA2650 6.5.4.7_83n .
The switch becomes UNREACHABLE from the SW GUI.
Seen by Auvik(our NPM) as OFFLINE (recovers).
Just drops out momentarily...
Have you seen anything like that?
Thanks, Steph.
Hi Steph,
thanks for the info. But due to the limitations we found, we have configured the switch and the firewall separately. But good to know ...
Boris
Has anyone tried this configuration with dual TZ470 and dual SonicWall switches?
Is there a better articulated reference document and associated configuration steps for a redundant set of firewalls and switches?