Thanks for the video. I have a reporting server that is accessed both internally and externally, would you segregate the server with a vlan? If so, how would you recommend doing it and would it take a performance hit using a vlan? Thanks!
I personally always consider something accessible from anyone on the outside as something that WILL get hacked one day. Yes, turning all security services on the firewall and always patching that server will help tremendously, but I think everyone will agree, it's not a 100% bulletproof guarantee. So yes, I would create a zone and an interface (or VLAN) just for that server. I would ensure it has no access to your internal networks (no access rules from that zone to any internal zones), but internal zones/networks can access that server (access rules from an internal zone to that server's zone). So if/when that server gets hacked, attackers won't have any access to any internal networks. It will be like a dead-end.
Yes, that will create more load on your firewall, as now anyone internally that wants to reach that server will have to go through the firewall. But since that server is accessible from the outside, I assume it does not require huge bandwidth.
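The "dead-end" layout described in the reply above can be checked against an exported rule list. The following Python sketch is an added example, not part of the thread and not SonicWall's own tooling; the zone names REPORTING and BACKUP and the rule tuples are constructed assumptions, and anything without an allow rule is treated as denied.

```python
from collections import deque

def paths_to_internal(rules, server_zone, internal_zones, untrusted=("WAN",)):
    """Return one shortest allow-rule path per internal zone reachable from server_zone.

    A two-zone path is a direct rule from the server zone into an internal zone;
    a longer path is a pivot through another zone. Untrusted zones are not
    followed as hops, because traffic arriving from them is already hostile.
    """
    graph = {}
    for src, dst, _service in rules:
        graph.setdefault(src, set()).add(dst)
    findings, seen = [], {server_zone}
    queue = deque([[server_zone]])
    while queue:
        path = queue.popleft()
        for nxt in sorted(graph.get(path[-1], ())):
            if nxt in seen or nxt in untrusted:
                continue
            seen.add(nxt)
            if nxt in internal_zones:
                findings.append(path + [nxt])
            else:
                queue.append(path + [nxt])
    return findings

# Constructed sample: (source zone, destination zone, service) allow rules.
DEAD_END = [
    ("LAN", "WAN", "any"),
    ("LAN", "REPORTING", "https"),   # internal users reach the server
    ("WAN", "REPORTING", "https"),   # external users reach the server
    ("REPORTING", "WAN", "dns"),     # server may resolve names, nothing inward
]
# Same rules plus a pivot: the server can reach a BACKUP zone that reaches LAN.
WITH_PIVOT = DEAD_END + [("REPORTING", "BACKUP", "smb"), ("BACKUP", "LAN", "any")]
# Same rules plus a direct rule from the server zone into LAN.
WITH_DIRECT = DEAD_END + [("REPORTING", "LAN", "sql")]

if __name__ == "__main__":
    for name, rules in [("dead-end", DEAD_END), ("pivot", WITH_PIVOT),
                        ("direct", WITH_DIRECT)]:
        hits = paths_to_internal(rules, "REPORTING", {"LAN"})
        print(name, "OK" if not hits else [" -> ".join(p) for p in hits])
```

An empty result means a compromised server zone has no allowed route into any internal zone, directly or through a second zone.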
Thank you for taking the time to make this video. I just recently started supporting a SonicWall and this information helps. I'm wrapping my head around network segmentation. The SonicWall was configured by someone else and now I'm trying to figure out how to manage it. Talk about a crash course on networking. I really appreciate that you are doing SonicWall videos.
Thanks for making these videos. Please continue your awesome content.
This is a great tutorial, it is good for my SonicWall learning curve!
Thanks Jean-Pier. Good overview and good info for setup of better networks.
Thanks for these videos! They help more than you can imagine!
Hi JP, Thanks for the video. I recently took over a bunch of TZ300s that had a flat network. I knew that was bad. The TZ300s have only default rules and setup. They are only using X0 and X1. So I went to enable X2 or X3 to cable a new network up. I gave them a different IP address on a different subnet than X0 (LAN). I turned on DHCP on those X2, X3 interfaces, but neither of these interfaces is reachable! Meaning, I cannot get to the IP address on X2 or X3, and even giving a static IP address to a laptop and directly connecting doesn't connect to the SonicWall. I am at a total loss. This should be super basic. The TZ300 says the interfaces are online, enabled and have a speed of 1Gbps. In your video, you added a static IP to X7 (called it manufacturing) and it just worked! I put the X2 and X3 in the "LAN zone" so it should be easy. Any clues or tips would be appreciated (I enabled ping and mgmt on the interface). If I were to configure X4 and X5, the same thing will happen. It would be great if you can show a video how to make these other interfaces work.
Thanks,
Bryan
Hi Bryan,
I feel you may not have created access rules for x3.
By default, new interfaces will not have any access rules. It might just be that.
Try adding an any-any policy from X3 to WAN. You should have internet access. Then tighten the security obviously :-)
Wow that monitor tool is amazing
This was very helpful! Thank you sir!
Sir, you are great.
I have a suggestion. Please do a SonicWall TZ600 technical video.
I am also new to this. I am responsible for creating a network for a small business of 5-10 users. We have a server I am trying to place behind the firewall and our router/modem is before the firewall.
I have X0 and X1 configured. X1 is assigned the static IP from our ISP and I am trying to configure X2/X3 for our server. I need our server to be reachable remotely so I set the static IP from the range given by our ISP and the private IP. I can ping the private IP from our sonicwall interface but cannot reach the static IP. Is this an issue with interface configuration or do I need to create custom NAT and/or access rules?
Hi Cameron,
Here is a KB that should be helpful.
www.sonicwall.com/support/knowledge-base/how-do-i-configure-nat-policies-on-a-sonicwall-firewall/170505782921100/
How do I check for high utilization bandwidth?
Sorry Ismail, for some reason YouTube held your comment for review.
Go into Monitor (top menu), then Real-Time Chart. You will find different menus and tabs about bandwidth per interface, applications...
This is a lot like Fortinet. Though that freaking monitoring tool is amazing, I'll have to see if Fortinet has something like it. Everything is modular: if you create a new VLAN you MUST give it rules to do anything. If you want it to have web access you must create a new VLAN --> WAN policy.
Hi Balla, I would be surprised at Fortinet not having a good monitoring tool. But they surely don't have a JP doing videos to help people get the most out of their network security solutions!
Lol!