1

I have a cable connection running to our FW. We are supplanting that connection with another fiber connection to be used on a separate LAN.

The cable connection and LAN is running fine.

If I connect the fiber connection (they are NATing a public IP to a private one that they gave us), and set the IP address and mask as instructed (the local IP address they gave us) on a laptop, it works and I can surf as expected. But I cannot get the connection to work through our FW. I have tried many different configurations.

X0 <- cable
X1 <- lan
X2 <- fiber
X3 <- fiber_lan

X0 is WAN, and I've tried X2 as both WAN and as a separate interface with a static IP set to their instructed local IP. Not sure which is correct; neither worked (probably because something else was misconfigured).

Then Routes:

This part is confusing... When asked for source, I assume where the traffic will enter the FW from. Destination, I assume where the packet is supposed to go. Gateway, I assume the GW of the interface it should go to (?). Interface, well, I guess I assume the interface that should be used (not where it came in).

So for X2 the route is something like:
Source : X2
Destination: X3 subnets
Svc: any
Gateway: X3 GW
Interface: X3

Then X3:
Source : X3
Destination: any
Svc: any
Gateway: X2 GW
Interface: X2

According to the packet monitor, it looks like packets are getting forwarded to the proper destination from fiber_lan to WAN, but nothing is coming back in.

Also, is multicast support needed for this to work properly? We are planning on using VOIP so QoS is planned if that matters.

Thanks.

stormdrain

2 Answers

1

OK, a couple of things. First off, you don't need the first of your two rules there. The Sonicwall already knows how to route to your fiber_lan, because it's directly connected. In fact, there will be a rule automatically added for that LAN. You couldn't remove it if you tried.

On your second rule, try changing the destination's any to 0.0.0.0/0. That's the syntax the firewall appears to use for its own default route. Make sure your rule is higher in priority than the default one added by the OS. (From any to 0.0.0.0/0)

You mention that it doesn't look like packets are returning. Are you sure that NAT is working properly? There should be some auto-added rules providing translation for data heading out the X2 interface. You can probably verify this pretty easily, by putting your laptop on the same subnet as your X2 interface, and trying to connect to that. You can then packet dump from the laptop, and see what is actually hitting it.


--Christopher Karel

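To make the two points in this answer concrete (the policy route must sit above the OS default route, and private sources leaving X2 need a NAT policy or no reply can come back), here is a small route-lookup simulation. It is an added example, not SonicWall code; interface names follow the question, the subnets and gateway addresses are assumed, and route selection is simplified to first match in priority order.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Route:
    source: str       # source network, or "any"
    destination: str  # destination prefix; "any" and 0.0.0.0/0 both match everything
    gateway: str
    interface: str


def _matches(spec, ip):
    if spec.lower() == "any":
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)


def select_route(routes, src_ip, dst_ip):
    """First route whose source and destination both match wins (assumed model
    of the firewall's ordered policy-route table)."""
    for r in routes:
        if _matches(r.source, src_ip) and _matches(r.destination, dst_ip):
            return r
    return None


# Assumed addressing: X1 lan 192.168.1.0/24, X3 fiber_lan 192.168.2.0/24,
# X0 cable gateway 203.0.113.1, X2 fiber gateway 198.51.100.1.
CONNECTED = [  # auto-added by the firewall for directly connected networks
    Route("any", "192.168.1.0/24", "0.0.0.0", "X1"),
    Route("any", "192.168.2.0/24", "0.0.0.0", "X3"),
]
DEFAULT = Route("any", "0.0.0.0/0", "203.0.113.1", "X0")            # OS default via cable
FIBER_POLICY = Route("192.168.2.0/24", "0.0.0.0/0", "198.51.100.1", "X2")  # the answer's rule
WAN_IFACES = {"X0", "X2"}


def egress_interface(policy_above_default, src_ip, dst_ip):
    """Which interface a packet leaves on, depending on rule priority."""
    tail = [FIBER_POLICY, DEFAULT] if policy_above_default else [DEFAULT, FIBER_POLICY]
    r = select_route(CONNECTED + tail, src_ip, dst_ip)
    return r.interface if r else None


def reply_expected(route, src_ip, nat_ifaces):
    """A private source sent out a WAN interface without translation gets no
    reply: the upstream cannot route RFC 1918 space back. This is the
    'packets go out, nothing comes back' symptom from the question."""
    if route is None:
        return False
    if route.interface in WAN_IFACES and ipaddress.ip_address(src_ip).is_private:
        return route.interface in nat_ifaces
    return True
```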
0

Set up X2 as WAN since, well, it's a WAN. X3 is fiber_wan (TRUSTED, static, DHCP)

2 Routes:

1) WAN to fiber_lan:

_Source_    _Destination_   _Service_   _Gateway_     _Interface_   _Metric_
Any         X3 Subnet       Any         0.0.0.0       X3            20

2) fiber_lan to WAN:

_Source_    _Destination_   _Service_   _Gateway_     _Interface_   _Metric_
fiber_lan   Any             Any         X2 Def. GW    X2            20

Thanks!

stormdrain