
I have a client that uses a SonicWALL NSA 2400 as their firewall. I need to set up a second LAN subnet for a handful of PCs. Management has decided that there should be a second subnet even though they intend to allow access across the two subnets - I know...

I'm having trouble getting communication across the 2 subnets. I can ping each gateway, but I cannot ping or seem to route traffic from subnet A to subnet B.

Here is my current setup:

  • X0 Interface: LAN zone with IP address 192.168.1.1
  • X1 Interface: WAN zone with WAN IP address
  • X2 Interface: LAN zone with IP address 192.168.75.1

I have configured ARP and routes for the secondary subnet (X2) according to this SonicWALL KB article: http://www.sonicwall.com/downloads/supporting_multiple_firewalled_subnets_on_sonicos_enhanced.pdf using "Example 1".

At this point I don't mind if I have to throw the SonicWALL GVC software VPN client into the mix to make it work. It feels like I have an Access Rule issue, but for testing I made LAN > LAN, WAN > LAN and VPN > LAN rules wide open, with the same results.

Kyle Noland

3 Answers


I'm not familiar with the NSA-series, but the article you followed was instructions on how to get two subnets to talk behind ONE physical interface. Your setup is two physically separate LAN ports. It seems like setting up a static route on both SonicWalls should allow them to communicate.

bobby

The SonicWALL X2 to X0 or X0 to X2 does not need any specific routes. The firewall will forward this accordingly based on default routes. So you need to focus only on the access rules. LAN to LAN is allowed by default. So if you want to be specific, create another trusted zone for X2 and choose that, so that in the firewall access rules you have more granular control.

After all this, if it does not help then you need to perform a packet capture on the destination IP and find out if it is sent to the right MAC address. Normally Windows machines have a built-in firewall which blocks access from other subnets. So ensure you disable that and test this.

Kiran
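The answer above suggests disabling the Windows firewall for the test. The following is an added example, not part of the original thread, showing the scoped alternative a practitioner would keep in place afterwards: open ICMP echo and File and Printer Sharing inbound only from the peer subnet, then confirm where a cross-subnet connection actually stops. It assumes the NetSecurity cmdlets (Windows 8.1 / Server 2012 R2 or later), an elevated shell, and that it is run on a host in 192.168.75.0/24; the test target 192.168.1.10 is an assumed address, not one from the question.

```powershell
# Added example: scope Windows Firewall to the peer subnet instead of disabling it.
# Assumes NetSecurity cmdlets (Windows 8.1 / Server 2012 R2+) and an elevated shell.
# Run on a host in 192.168.75.0/24; swap the two subnets when running on the 192.168.1.x side.
$PeerSubnet = "192.168.1.0/24"
$PeerHost   = "192.168.1.10"   # assumed test target on the other subnet

# Inbound ICMPv4 echo request (type 8) from the peer subnet only, on the non-public profiles.
New-NetFirewallRule -DisplayName "Allow ICMPv4 echo from $PeerSubnet" `
    -Direction Inbound -Protocol ICMPv4 -IcmpType 8 `
    -RemoteAddress $PeerSubnet -Action Allow -Profile Domain,Private | Out-Null

# The built-in File and Printer Sharing rules are scoped to LocalSubnet by default,
# which is what blocks SMB from a second subnet. Widen them to LocalSubnet plus the peer subnet
# rather than to "Any".
Get-NetFirewallRule -DisplayGroup "File and Printer Sharing" -Direction Inbound |
    Set-NetFirewallRule -RemoteAddress LocalSubnet, $PeerSubnet

# Verify: list the enabled inbound rules whose remote scope now includes the peer subnet.
"Inbound rules scoped to ${PeerSubnet}:"
Get-NetFirewallRule -Direction Inbound -Enabled True | ForEach-Object {
    $addr = $_ | Get-NetFirewallAddressFilter
    if ($addr.RemoteAddress -contains $PeerSubnet) { "  " + $_.DisplayName }
}

# Diagnose: a trace route shows whether packets reach the far gateway.
# Hops: 192.168.75.1 then 192.168.1.10 -> routing and rules are fine, check the target's host firewall.
# Stops at 192.168.75.1 -> the SonicWALL access rules or zone membership are the problem.
Test-NetConnection -ComputerName $PeerHost -TraceRoute |
    Select-Object ComputerName, PingSucceeded, TraceRoute

# And the service the users actually need (SMB, TCP 445).
Test-NetConnection -ComputerName $PeerHost -CommonTCPPort SMB |
    Select-Object ComputerName, RemotePort, TcpTestSucceeded
```

Leaving the firewall on with rules scoped to `LocalSubnet` plus the one peer subnet keeps the same exposure the hosts had before the second subnet was added; "disable and test" is fine to isolate the fault, but re-enable it before handing the network back.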

Try going to Network --> Zones. Make sure that X2 is a trusted interface and also that it is a member of the LAN zone.

KO26