Isolate Multiple WAN Connections on Sonicwall


I currently have a cable connection running through our Sonicwall firewall providing WAN access to users. We have a fiber connection coming in shortly which will be used for IP telephony. I would like to use our NSA for both connections, but want to make sure it's set up correctly.

Will access rules be enough to keep the connections isolated? IOW, I do not want the existing LAN (CPUs, servers) to be able to connect to the WAN via fiber, nor the VOIP appliances to connect to the WAN via cable. Will access rules take care of this, or is it better to set up a VLAN for VOIP?


Best Answer

I believe you should be able to use the routing table to accomplish this. Essentially, the Network->Routing tab should let you create routes for your two networks. I think a rule from the LAN source, to any IP, should use the default gateway for your cable interface. Then a second rule stating that any traffic from the VOIP network, to any destination, should use the fiber default gateway. I'm hoping each of these networks is distinct in logical and hopefully physical ways, as that would make things a little easier.

You can definitely back this up with firewall rules only allowing traffic between the proper networks. But firewall rules won't actually direct traffic where you want it to go; they will only stop it from going where you don't want.

And, of course, you'll probably want to use the packet sniffer to verify everything's doing what you want it to.

--Christopher Karel
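
The routing-versus-access-rule distinction in the answer above, modelled as an added example that is not part of the original answer and is not SonicOS configuration. The subnets, the interface names X1/X2 and the gateway addresses are constructed assumptions.

```python
import ipaddress

# Constructed addressing (assumptions, not from the original post).
LAN = ipaddress.ip_network("192.168.1.0/24")    # PCs and servers
VOIP = ipaddress.ip_network("192.168.50.0/24")  # IP telephony devices
CABLE = ("X1", "203.0.113.1")                   # cable WAN interface, gateway
FIBER = ("X2", "198.51.100.1")                  # fiber WAN interface, gateway

# Source-based routes, as the answer describes: source network -> any -> gateway.
POLICY_ROUTES = [(LAN, CABLE), (VOIP, FIBER)]
DEFAULT_ROUTE = CABLE  # what applies when no source-based route matches

# Access rules: (source network, egress interface) pairs that are allowed.
# Anything not listed is denied.
ACCESS_ALLOW = {(LAN, "X1"), (VOIP, "X2")}


def egress_for(src, routes):
    """Pick the WAN interface/gateway for a source IP; first match wins."""
    addr = ipaddress.ip_address(src)
    for network, wan in routes:
        if addr in network:
            return wan
    return DEFAULT_ROUTE


def forward(src, routes):
    """Return (interface, verdict) for outbound traffic from src."""
    addr = ipaddress.ip_address(src)
    iface, _gateway = egress_for(src, routes)
    allowed = any(addr in net and iface == ifc for net, ifc in ACCESS_ALLOW)
    return iface, "allow" if allowed else "deny"


def audit(flows, routes):
    """Flag observed flows (src, egress interface) that left via the wrong WAN."""
    return [(src, seen) for src, seen in flows if egress_for(src, routes)[0] != seen]


if __name__ == "__main__":
    phone, pc = "192.168.50.20", "192.168.1.10"
    print("rules only :", forward(phone, []))             # ('X1', 'deny')
    print("with routes:", forward(phone, POLICY_ROUTES))  # ('X2', 'allow')
    print("pc         :", forward(pc, POLICY_ROUTES))     # ('X1', 'allow')
    # Constructed capture summary: the second flow is a phone leaving via cable.
    print(audit([(pc, "X1"), (phone, "X1"), (phone, "X2")], POLICY_ROUTES))
```

With access rules alone the phone's traffic still heads for the cable gateway and is dropped there; only the source-based route moves it to fiber. The `audit` helper mirrors the packet-capture check: any flow whose observed egress differs from the routed one is reported.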
