Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

SonicWall and Layer 3 Device configuration

Nick_SNick_S Newbie ✭
edited October 2020 in Mid Range Firewalls

So I'm tasked with creating inter VLAN routing but without having full access to our network. We are using a SonicWall routing device and about 12 Ubiquity EdgeSwitch devices. At first we were configuring our network to use VLANs for added security, but because we just had everything talking to each other over the SonicWall, it wasn't very secure and things were slow moving across the VLAN (the SonicWall was routing every packet).

We deal with big files (6gig to 36 gig files) and we have two locations connected via high speed wireless device with SonicWall routers on both ends. I've been working to move our actual routing to a core Layer 3 switch at each building to speed up file transfers that don't need to cross the wireless bridge. I have success in moving files within the switch, but the global gateway doesn't work (clients on a switch routed VLAN can't find the internet, only each other). I have my client gateways configure as the switch VLAN address and the switch global address set to an IP that is on the same subnet as the router. We've tried to configure a static route for each VLAN on the SonicWall pointing to this global switch gateway, but no dice.

The trunk global gateway is on a virtual interface. Our VLANs are configured on the SonicWall with virtual interfaces. I don't know if these virtual interfaces are causing an issue with the VLAN routing packets BACK to the switch or not. I can ping anything in our building on any client connected to a routed VLAN, but it will not reach anything in the WAN.


Is there a step I'm missing with correctly creating a static route on a SonicWall router to enable a switch to perform Layer 3 actions to speed up file transfer? The core switch is moving files around 2 Gp/s over a LAG where as before I was lucky to get 500 Mp/s so it's half working. Thanks for the help.

Category: Mid Range Firewalls
Reply

Best Answer

Answers

  • Hello @Nick_S,

    Welcome to SonicWall community.

    If you are using an L3 switch on X0:V55, you would need the following on the SonicWall.

    1) A VLAN sub-interface with VLAN ID 55 and IP on the same subnet as the switch

    2) Static routes that say 10.10.20.0/24 and 10.10.80.0/24 can be reached via gateway 10.10.56.6

    On the switch you should have the default gateway as the firewall which is 10.10.56.1.

    If the traffic generated from those internal networks still cannot reach the internet, please check if the access rules are blocking them from LAN to WAN.

    You can perform a packet capture while you ping 8.8.8.8 or any WAN address from those internal machines to understand what may be taking place.

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • Nick_SNick_S Newbie ✭

    If I read this configuration right, you had one static route that took care of all internet traffic for all the VLANs? My current (mostly working) set up has a unique static route per vlan and I still can't get all WAN traffic to work. Many sites report "can't establish a secure connection" on browsers.

    For example, my destination is the ip of the VLAN interface on the core switch. 10.10.20.4 for instance. Where is your destination going to? That might be a feature of a Cisco switch, we are using Edge Switches by Ubiquity. Thank you for your very helpful response, this did help me get some bugs worked out.

  • mikew1102mikew1102 Newbie ✭

    Sorry about bringing up an old thread, but this is exactly what I am trying to do as well. Is the VLAN 55 in the diagram the management VLAN?

  • Nick_SNick_S Newbie ✭

    Mikew1102 - Yes...in that diagram we were using VLAN 55 as the management VLAN.

Sign In or Register to comment.