Routing – VLAN routing on a SonicWall TZ215

Tags: cisco-2960, routing, sonicwall, vlan

I desperately need some help. Ok, quick topic. We've a fiber optic link configured through a Cisco 2960 with 2 external VLANs (one for VoIP, one for data, configured through 4 of the 2960 ports) on which I don't have any control. In one of those 2 VLANs, I've all my local building patch panels and switches configured with 5 internal VLANs (management, phone, computers, wifi public and wifi admin). The computers VLAN (the X3:V73 on the TZ215) gives addresses over DHCP but in the range of the VLAN on the Cisco 2960 to be able to have direct internet access without using the WAN port on the TZ215. All that is working perfectly fine. But during my test phase, I've used the SonicWall IP as my gateway (X3:V69, X3:V73, X3:V83) and all the concerned VLANs grouped on the same TZ215 interface (X3 in this case), which gives me access to all the VLANs configured on that port, which is nice. But now, after changing the gateway (to use the internet gateway of the fiber provider on the Cisco 2960) to put all computers in production mode, I'm not able to access the other VLANs on the X3 port. I'm pretty sure it has something to do with the static routing, but after an afternoon trying to resolve this issue and a big headache later, I'm here asking for some help. I've tried to configure the SonicWall with 2 gateways, very bad idea with Windows…it slows internet badly and internal requests on local computers just don't work.

Any ideas or questions about my setup are more than welcome.
Draven

Yes, sorry…I'll try to be a little more clear.

SonicWall TZ215 Interface X3 (3 VLANs for now...)
X3:V69 for management
X3:V73 for computers
X3:V83 for wireless admin

X3 Interface enters the first port of a GS724T linked with another GS724T and two FS728TP, all linked together by a trunk port.

One of the GS724T ports is configured as an "access" port directly into the Cisco Catalyst 2960 port 19, but this switch is provided pre-configured by our fiber link provider. This port (19) is configured as an "access" port in which every computer or device in the IP range of this specific VLAN automatically gains internet access, so there's no need to use the WAN interface on the SonicWall.

So, my SonicWall computer VLAN (X3:V73) addresses the computers in the pre-configured "good" range of IPs to gain internet access without the TZ215 WAN port.

Example (simple scenario):
TZ215(X3:V73) ---> GS724T Port 1 ("trunk")
Computer 1 ---> GS724T Port 2 DHCP in the good range
GS724T Port 24 ---> Catalyst 2960 ---> Internet
TZ215(X3:V69) ---> GS724T Port 1 ("trunk")
Manageable switch ---> GS724T Port 3 DHCP in another range (of course, in another VLAN)

So the switch on port 3 doesn't gain internet access directly because it's not in the good range of the pre-configured Catalyst 2960, but that's totally fine.

In this scenario, as long as I keep the TZ215 corresponding interface IP as my gateway in my DHCP pool, I can access all 3 VLANs configured on the same port even if I can't access the internet, and that's exactly what I want. But as soon as I switch to the fiber provider gateway in my DHCP pool (to disable the WAN port on my SonicWall), the VLANs don't seem to see each other. I would like to be able to configure some of the VLANs on the TZ215 X3 interface (with my 3 VLANs) to communicate together. Example: the X3:V73 Windows 2012 Server accessible from the X3:V83 Wireless Admin network.

But the X3:V73 assigns addresses in the range of 10.146.10.0 and the X3:V83 assigns addresses in the range of 10.83.0.0. As long as I keep the interface IP of the TZ215 as my gateway, everything works fine, but the goal of our last month's mega-network-redesign was to gain access directly without the TZ215 WAN port. And to achieve that, I have to switch the gateway to the one provided by our fiber provider, and as soon as I do that, I lose access to the other VLANs on the X3 port.

BTW, thank you VERY much for trying to help me…If you really need a drawing, I'll try to "mspaint" something tomorrow morning.

Ok, here's the network diagram with the old and new network:

[Image: Network diagram]

If computers or devices connected to the Catalyst get an address in the 10.146.0.0 range, they get internet access. So, in the old network, computers were addressed in the range of 10.0.100.X but the X1 WAN interface was in the 10.146.0.0 range, so we used the WAN interface but only one address in our pre-configured pool on the Catalyst. No VLAN on the old network. The new network, for now, has 3 VLANs on the X3 port (69 (management), 73 (computers), 83 (wireless admin)). VLAN 73 has a DHCP range in the 10.146.0.0 in order to access the internet directly, without the use of the SonicWall WAN port. The pre-configured gateway on the Cisco is 10.146.0.1 and the SonicWall is 10.146.0.2 (IP address on the X3:V73 port). If I put 10.146.0.2 as my gateway address, I am able to ping all other devices in all other VLANs on the same port (X3 in this case) but I can't disconnect the WAN cable of the SonicWall. If I put the pre-configured Cisco gateway (10.146.0.1) as the gateway, I can disconnect the WAN cable of the SonicWall but I can't ping other devices on different VLANs on the X3 port.

The question is, I want to do both: remove the WAN cable and be able to ping all other devices on my 3 VLANs on the X3 port of the SonicWall.

I hope it's a little more clear and I would really like to thank everyone for their precious help.

Draven

P.S.: Sorry for my bad English…
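To see why swapping the DHCP gateway changes which VLANs a computer can reach, here is a small routing-table model of the thread's setup, added as an example (it is not the poster's or SonicWall's configuration). It assumes /16 masks for the 10.146.0.0 and 10.83.0.0 ranges, assumes the Catalyst knows only its own VLAN and the provider's upstream, and also tries a more-specific static route via the TZ215, which the thread itself does not test.

```python
import ipaddress

# Constructed model of the devices in the thread; not SonicWall or Cisco configuration.
# Prefix lengths are assumptions: the posts only give the ranges 10.146.0.0 and 10.83.0.0.
CISCO_GW = "10.146.0.1"   # provider gateway on the Catalyst 2960 (from the thread)
TZ215_GW = "10.146.0.2"   # SonicWall address on X3:V73 (from the thread)

# Routing tables as (prefix, next hop). "direct" = the device has an interface in that subnet.
CISCO_ROUTES = [("10.146.0.0/16", "direct"), ("0.0.0.0/0", "provider-upstream")]
TZ215_ROUTES = [("10.146.0.0/16", "direct"), ("10.83.0.0/16", "direct"),
                ("0.0.0.0/0", "X1-WAN")]
GATEWAYS = {CISCO_GW: CISCO_ROUTES, TZ215_GW: TZ215_ROUTES}

def lookup(routes, dst):
    """Longest-prefix match over a routing table; None if nothing matches."""
    ip = ipaddress.ip_address(dst)
    best = None
    for prefix, nexthop in routes:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nexthop)
    return best[1] if best else None

def host_routes(default_gw, extra=()):
    """Table of a VLAN 73 computer: connected subnet, optional static routes, default."""
    return [("10.146.0.0/16", "direct")] + list(extra) + [("0.0.0.0/0", default_gw)]

def trace(host, dst):
    """Follow one packet from the host through its chosen gateway."""
    hop = lookup(host, dst)
    if hop == "direct":
        return ["delivered on VLAN 73"]
    path = [f"to gateway {hop}"]
    nxt = lookup(GATEWAYS[hop], dst)
    if nxt == "direct":
        path.append("delivered by gateway")
    elif nxt == "provider-upstream":
        if ipaddress.ip_address(dst).is_private:
            path.append("sent upstream, where private 10.x space is unknown: lost")
        else:
            path.append("forwarded to the internet by the provider")
    else:
        path.append(f"forwarded via {nxt}")
    return path

if __name__ == "__main__":
    for gw, extra in [(CISCO_GW, ()), (TZ215_GW, ()),
                      (CISCO_GW, [("10.83.0.0/16", TZ215_GW)])]:
        print(gw, extra, "->", trace(host_routes(gw, extra), "10.83.0.20"))
```

With the Cisco as default gateway the VLAN 83 packet leaves toward the provider and never comes back; with the TZ215 as gateway, or with a host route for 10.83.0.0/16 pointing at 10.146.0.2, it reaches the firewall, which still has to permit it between zones.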

Best Answer

You need to leave the gateway set to your TZ215 device...how is it supposed to know what route to use if you ask someone else? :) You are not tied to WAN interface X0, but you need to assign a WAN zone to an interface....and define routing between zones. It's not clear what your situation is; a network diagram could be a terrific help, though.