Sonicwall – Configuring Multiple Subnets on Sonicwall Firewall

sonicwall

I have a sonicwall NSA 2400 firewall which has a LAN on X0, WAN on X3 (Failover WAN on X1). The X0 lan is running subnet 192.168.50.x (interface IP of 192.168.50.253) and everything is working fine on this subnet.

Today I have added another LAN to the network through a new switch operating on 192.168.250.x subnet. I have plugged the switch into the X4 interface on the firewall and configured the X4 interface to have static IP of 192.168.250.253. The new switch has a gateway of 192.168.250.253. I can now see the firewall using this IP through any device on the new subnet.

My new subnet is working fine and traffic is segregated from the main subnet which is what I desire, but how can I enable internet access for the new subnet?

Best Answer

First double check the devices on that X4 subnet: Can they reach the router (192.168.250.253)? Is that their default gateway? Correct subnet mask? Are you statically assigning IPs or using DHCP? Assuming all is well and they can reach the router but not beyond:

If you can't connect between your X0 LAN and the other X4 subnet then I assume they are in separate Zones (unless you created one I will assume DMZ for X4) -- or you disabled Interface Trust for the LAN Zone. By default the DMZ Zone will have internet access, but you can check several places to ensure it has access:

  1. What Network | Zone is X4 in? If the same Zone as X0 then is Interface Trust enabled on that Zone? Likely not if you can't connect between them.

  2. Check the Firewall | Access Rules. Look at DMZ (or your Zone) > WAN: You should have an Any / Any / Any Allow rule, if not you can create one or perhaps you have added a Deny rule with a higher precedence.

Look at the LAN > WAN rules to see what it should look like. Usually it is last and usually the only rule [unless you are blocking some outbound traffic]

If they are in the same Zone and Interface Trust is off then you may have changed the default rule from Any to X0 Subnet.

  3. Check the Network | NAT Policies. An Auto-Added Policy is usually added automatically. You may be missing one from Inbound Interface = X4, Outbound Interface = X3. You will probably see one for X0 (in) -> X3 (out). Near the bottom. Source IP is Any, Translated IP is X3 IP Address or WAN Primary IP or something. [Destination IP and Services are all Any / Original]

You can create one if one doesn't exist. But I would look under the X4 Interface's properties (Network | Interfaces) -- on the Advanced tab. Make sure Use Routed Mode is NOT checked off. If it is, that disables NAT, which you need if you are using an RFC 1918 non-routable/non-Public subnet on X4.

  4. Finally check Network | Routing. There should have been a rule added automatically for Source = Any, Destination = X4 Subnet, Service = Any, Gateway = 0.0.0.0, Interface = X4 so that the inbound traffic can come BACK to the correct subnet.

You'll see one for your X0 subnet. I suspect this isn't the problem but you can look. Chances are you have either managed to disable NAT or have a Firewall rule blocking the traffic.
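Added example, not from the answer or from SonicWall: a small Python audit that runs the checklist above (access rule precedence, Routed Mode, the X4 -> X3 NAT policy, the return route) over a constructed, simplified model of the firewall. The dict layout, the `Firewall` class and `audit_internet_access` are assumptions for illustration, not SonicOS's API or export format.

```python
from dataclasses import dataclass

@dataclass
class Firewall:
    # Constructed, simplified view of the SonicOS objects the answer walks through;
    # this dict layout is an assumption, not SonicWall's API or export format.
    interfaces: dict    # name -> {"zone", "subnet", "routed_mode"}
    access_rules: list  # highest precedence first: {"from","to","src","dst","svc","action"}
    nat_policies: list  # {"in_if","out_if","src","translated_src"}
    routes: list        # {"dest","iface"}

def audit_internet_access(fw, lan_if, wan_if):
    """Return the findings that would stop hosts on lan_if from reaching the WAN."""
    findings = []
    iface, wan_zone = fw.interfaces[lan_if], fw.interfaces[wan_if]["zone"]
    # Access rules: the first rule matching the zone pair and the traffic decides,
    # so a Deny placed above the default Any/Any/Any Allow wins.
    first_match = next((r["action"] for r in fw.access_rules
                        if r["from"] == iface["zone"] and r["to"] == wan_zone
                        and r["src"] in ("Any", f"{lan_if} Subnet")
                        and r["dst"] == "Any" and r["svc"] == "Any"), None)
    if first_match != "Allow":
        findings.append(f"{iface['zone']} > {wan_zone}: first matching rule is "
                        f"{first_match or 'none'}, need an Any/Any/Any Allow")
    # NAT: Routed Mode disables it, and an RFC 1918 subnet needs a lan_if -> WAN policy.
    if iface["routed_mode"]:
        findings.append(f"{lan_if}: Use Routed Mode is enabled, which disables NAT")
    if not any(p["in_if"] == lan_if and p["out_if"] == wan_if for p in fw.nat_policies):
        findings.append(f"no NAT policy {lan_if} (in) -> {wan_if} (out)")
    # Routing: return traffic needs a route for the subnet via the interface.
    if not any(r["dest"] == iface["subnet"] and r["iface"] == lan_if for r in fw.routes):
        findings.append(f"no route for {iface['subnet']} via {lan_if}")
    return findings

# Constructed sample modelled on the question: X0 works, while X4 is missing its
# NAT policy and has a Deny rule placed above the default DMZ > WAN Allow.
SAMPLE = Firewall(
    interfaces={"X0": {"zone": "LAN", "subnet": "192.168.50.0/24", "routed_mode": False},
                "X3": {"zone": "WAN", "subnet": "0.0.0.0/0", "routed_mode": False},
                "X4": {"zone": "DMZ", "subnet": "192.168.250.0/24", "routed_mode": False}},
    access_rules=[{"from": "DMZ", "to": "WAN", "src": "Any", "dst": "Any", "svc": "Any", "action": "Deny"},
                  {"from": "DMZ", "to": "WAN", "src": "Any", "dst": "Any", "svc": "Any", "action": "Allow"},
                  {"from": "LAN", "to": "WAN", "src": "Any", "dst": "Any", "svc": "Any", "action": "Allow"}],
    nat_policies=[{"in_if": "X0", "out_if": "X3", "src": "Any", "translated_src": "X3 IP"}],
    routes=[{"dest": "192.168.50.0/24", "iface": "X0"}, {"dest": "192.168.250.0/24", "iface": "X4"}],
)

if __name__ == "__main__":
    for finding in audit_internet_access(SAMPLE, "X4", "X3"):
        print("-", finding)
```

Running it against the sample reports the two misconfigurations on X4 and nothing for X0, which is the pattern the answer expects: the working subnet is the reference for what the new one should look like.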