Sonicwall Routing – How to Route Between Subnets

routingsonicwall

I am trying to create a separate subnet, which is isolated from my LAN subnet. I want some controlled traffic flow between these subnets. I hope to control it using the Sonicwall firewall rules. But here is the thing, I want the machines to see each other directly, if allowed through the rules. What I mean is I want no NAT translation.

LAN_1: 172.16.1.0
LAN_2: 192.168.1.0

LAN_1 is the default LAN, the SonicWall LAN IP is 172.16.1.1

The SonicWall has 5 interfaces. X0 is LAN interface (LAN_1) and X1 is WAN.

I am wondering about how to setup LAN_2. Do I buy separate router, or can SonicWall give me this routing ability, if I define one of the available interfaces (X2,X3,X4) for connecting LAN_2?

Keep in mind I am no network engineer, but I am often forced to play that role.

Best Answer

What I mean is I want no NAT translation.

That is the default behaviour. Adding NAT translation between neighboring subnets would not be an 'enabled by default' feature. Simply adding those subnets into your SonicWall would allow them to communicate as long as your hosts are pointing to it as a default gateway.

I am wondering about how to setup LAN_2. Do I buy separate router, or can SonicWall give me this routing ability, if I define one of the available interfaces (X2,X3,X4) for connecting LAN_2?

SonicWall will give you that capability without the need for any additional routers. You may need more switches to deal with the additional hosts on your second subnet (LAN_2).

You're on the right track with the interfaces. Use any of the additional interfaces you have. Logically, your setup should look like this in the end.

               +-----------+ X0 ---- 172.16.1.1/24
WAN_IP ---- X1 | SonicWall | 
               +-----------+ X2 ---- 192.168.1.1/24

In this instance, X0 and X2 will be able to communicate.

Related Solutions

Vpn – Sonicwall not fowarding VPN traffic over tunnel

I had this problem but after trial/error finally fixed it. Before I start, let me just say that sonicwall documentation and support has gotten so much worse since the acquisition by Dell that I am moving away from sonicwall to almost any other solution (hi cisco + pan) when our support contract is up.

So I followed the rev b document 'configuring sonicos for amazon vpc' also. I configured it with dynamic tunnels with bgp (just because) and it came up. Not that the config document helped because the cli commands don't match with the reality of sonicwall firmware 5.9 on an nsa3500.

After getting the tunnels up and running and the bgp routes advertised, I could not route traffic from our lan (192.168.0.0/16) to the subnet of our vpc on amazon (10.23.0.0/16). I was convinced it was firewall rules until I took another look at the sonicwall routing table.

Basically, I had to create in the gui rules that should have been declared in the bgp cli config, and were not at all mentioned in the rev b config doc.

The rules I created were

source: any
destination : amazon vpc subnet 10.23.0.0/16
service: any
tos: any
gateway: 0.0.0.0
interface: ti2

I did another rule exactly the same for the ti3 tunnel interface.

Suddenly I was able to ssh into the ec2 instances instead of just being able to ping them.

I'm so upset with at sonicwall / dell.

Hope this helps somebody. Conversely, if there are any thoughts on how to improve this I'm all ears.

Routing Switch VLAN NAT Subnet – Best Practices for 2 Publicly Available Subnet VLANs and Inter VLAN Routing

It kind of depends on how much data you will be moving between these two external subnets. If you allow the HP to route directly between those subnets, you can have as many 1GB streams between them as you have ports configured for them. With "router-on-a-stick" (I've always called it vlan-on-a-stick, but same concept), you would be limited to just 1GB in total throughput between the vlans (leaving out the possibility of doing an lacp trunk between the SonicWALL and the HP).

In doing this method, the third vlan would be considered a "transit network", and would make it easier down the road as your network grows to implement a dynamic routing protocol, or to add more routers into the network, if the need ever arises.

The HP switch would be acting as your layer 3 core, and you would have an IP address in each of the 3 vlans. The SonicWALL would need only an access port to the transit network, and it's own IP on that network.

From there, a default route statement in the HP pointing to the SonicWALL's transit net ip address, and two static routes in the SonicWALL (one for each of your 'external' subnets) pointing back at the HP's transit net IP.

The easy button is to simply run a vlan trunk to the SonicWALL, and put an address on each of the vlans you want to route for. I've done it this way in the past, and if you don't plan on heavy traffic, it's perfectly viable, and pretty easy to configure.

If you could post some of your route statements in your attempts at setting up the transit net, I'm sure someone could help you get that straightened out.

Best Answer

Related Solutions

Vpn – Sonicwall not fowarding VPN traffic over tunnel

Routing Switch VLAN NAT Subnet – Best Practices for 2 Publicly Available Subnet VLANs and Inter VLAN Routing

Related Topic