SonicWALL HA w/ Dual WAN HSRP from two redundant switches

Tags: high-availability, hsrp, redundancy, wide-area-network

We're adding two SonicWALL NSA 2600 firewalls to our current setup. We currently get two WAN connections from two separate Cisco routers running on the same external subnet with what I believe is HSRP. Right now we run these two connections into two Cisco switches, and all of our computers then plug into both switches with NIC teaming.

In the new setup, we'd like to create a 3-port VLAN on each switch: one port for the WAN connection from the Internet and two ports, one for each NSA 2600. I've got the WAN port set up from one switch to each SonicWALL in HA mode. If I add the second switch connections to X2, I can't figure out how to get them bridged in the Network section. If I choose the WAN zone, I just get Static, Wire Mode, and Tap Mode. Static doesn't make much sense, since I'd need to pick a new IP address. Wire Mode will only let me choose unused interfaces (X4 and X5), and Tap Mode looks totally useless.

Does anyone have any tips on how to make this work or where to learn more about getting something like this working?

In case a diagram might help someone understand what I'm trying to do:

[Image: Network Setup Diagram]

Here is what it looked like pre-firewall:

[Image: Old Network Setup Diagram]

Here are pictures of what I'm seeing on my LAN side:

[Image: LAN bridge]

Nothing like that seems to exist on the WAN side.
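For readers trying to picture the router and switch side of the setup described above, here is an added configuration sketch (not from the original post, and not the poster's actual config) of the two Cisco routers sharing one external subnet via HSRP and the isolated 3-port VLAN on each switch. All addresses (203.0.113.0/24), interface names, VLAN number (100) and HSRP group/priorities are assumed for illustration. It covers only the HSRP/VLAN half of the problem, not the SonicWALL X2 bridging question.

```cisco
! ---- Router 1: intended HSRP active (higher priority) ----
! Assumed addressing: routers .2 and .3, shared virtual IP .1
track 10 interface GigabitEthernet0/0 line-protocol
!
interface GigabitEthernet0/1
 description External subnet handoff to switch 1
 ip address 203.0.113.2 255.255.255.0
 standby version 2
 standby 1 ip 203.0.113.1
 standby 1 priority 110
 standby 1 preempt
 standby 1 timers 1 3
 ! if the Internet-facing uplink (Gi0/0) loses link, drop priority
 ! below router 2 so the virtual IP moves to the healthy router
 standby 1 track 10 decrement 20
!
! ---- Router 2: HSRP standby ----
interface GigabitEthernet0/1
 description External subnet handoff to switch 2
 ip address 203.0.113.3 255.255.255.0
 standby version 2
 standby 1 ip 203.0.113.1
 standby 1 priority 100
 standby 1 preempt
 standby 1 timers 1 3
!
! ---- Switch 1 (repeat on switch 2): isolated 3-port transit VLAN ----
! The VLAN carries only the router handoff and the two firewall WAN ports,
! so the external subnet never leaks onto the internal VLANs.
vlan 100
 name WAN-TRANSIT
!
interface GigabitEthernet1/0/1
 description Cisco router external handoff
 switchport mode access
 switchport access vlan 100
!
interface range GigabitEthernet1/0/2 - 3
 description NSA 2600 A / NSA 2600 B WAN interface
 switchport mode access
 switchport access vlan 100
 spanning-tree portfast
!
! ---- Verification on either router ----
! show standby brief
! (expect one router reporting Active and the other Standby for group 1)
```

The design point this illustrates: with HSRP the firewalls only ever need to reach the single virtual IP (203.0.113.1 here) as their WAN default gateway; router failover is handled on the Cisco side and is invisible to the firewall. That is why the second switch link is a layer-2 path redundancy question rather than a second WAN with its own gateway. Check the HSRP state with `show standby brief` after configuring, and confirm the virtual IP moves when the active router's tracked uplink is shut down.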

Best Answer

Based on the information I've found and on testing configurations on an NSA 2600, in order to utilize multiple WAN connections on the same subnet, an intermediary device such as a load balancer would be needed. The load balancer would present a single link to each Sonicwall, so that a single interface could be configured, and the load balancer would handle the failover if one of the Cisco routers went down. The setup would look similar to the following diagram:

The other, much more complex option would be to test creating a custom Zone on the Sonicwall and modifying the routes to use that zone as a WAN. The downside, besides the obvious time commitment to configuring the routes, is that this option would not allow Failover & LB to utilize this zone. I would recommend looking into a load balancing device or similar intermediary between the Ciscos and the Sonicwalls.
