4

How would I force a set of people based on their IP to use a specific WAN port using a SonicWall FW? Also, how do I setup the second ISP to work on x2?

Using a SonicWall NSA240 Enhanced with 5.6 We want to force groupA to use ISP1 and groupB to use ISP2. All of the "groups" use the same subnet. 192.168.0.x/24

Currently every one goes out ISP1 that has 5 static IP's. The new additional ISP has it's own static IP.

cwheeler33
  • 764
  • 2
  • 5
  • 16

4 Answers4

7

This can be done, but your users need to either be on differing subnets, or static IPs.

This is handled at the Routing Policy level. Create an Address Group for the subnets (or static IPs) you want routed by X2 instead of X1. Then go to the Routing tab. Create a new Routing Policy that states that anything from that one Address Group will egress through the X2 interface/IP. Set the Interface to X2.

sysadmin1138
  • 131,083
  • 18
  • 173
  • 296
  • 2
    This is the correct answer. HOWEVER, in SonicOS Enhanced, you can create address objects based on IP address ranges that don't have to conform to subnet boundaries. (i.e. 192.168.0.30-192.168.0.40 on a subnet with a 24 bit mask) – Safado Aug 05 '11 at 22:51
  • Thanx to the both of you! It's working like a charm... I setup the 2 address ranges and then put them into an address group. Then in the routing policies I specied the source as my new group to use the X2 Default gateway. I've tested addresses both in and outside of the group using www.whatismyip.com and it's working as expected. Again thanx for your help! – cwheeler33 Aug 08 '11 at 16:42
0

Not a Sonicwall specific answer, but you want to look for "Source Based Routing" in your Sonicwall docs. Sorry I'm not a Sonicwall guy, but this should point you in the right direction.

Jeff Hengesbach
  • 1,762
  • 10
  • 10
0

I have done this on my system but only some things are working now. Netflix and Hulu do not work from that network but on the primary group it works fine any thoughts

Russell G Rowe Jr.
  • 1
0

I just got this working and I think I will give a more specific answer for those who need it.

first give the client computers a static ip address that they will use forever!

then you need to log into the sonicwall and go to Network -> Address Objects then click "Add.." (not "Add group...")

I did a range of one IP address, Zone Assignment: LAN , start IP and end IP the same address.

then go to

Routing and for Route Policies at the bottom click "add..."

from there fill it out as follows:

source: the IP Address object that you created earlier. Destination: any service: any Gateway: X1 gateway (or whatever interface number of the modem that you want to use) Interface: X1 (or whatever interface number of the modem that you want to use) Metric: 20 comment: This will force a single WAN in use

then click OK. and done!

user1944720
  • 1