1

I set up 2 SonicPoints with the following interfaces: SonicPoint Interfaces

For some reason, I cannot communicate between the two devices. I've tried RDP and pinging, i.e., from X6:V90 to X7:V90. However, all devices get IPs, DNS, and can communicate with their respective hosts and reach externally.

I tried setting up routing between them: Routing Rules. That didn't make any difference.

Everything I can find online says that they should all be able to communicate by default, but I inherited this device so I don't know what config is different from default.

The goal eventually is to have 2 networks - 1 Corporate, 1 Guest. Corporate should be able to communicate with X0, Guest should not. (Currently there are 2 Guest, 2 "Corp" and 1 LAN.) DHCP on the LAN subnet is being handled by a Windows Server on the domain.

Please let me know what useful information I can supply.

2 Answers

0

I see the routing rule, but you must make the firewall rule too. By default it's deny in the firewall rules for inter-zone routing.

Edit: So it's routing like you wrote, and the firewall rule to add.

yagmoth555
  • Thanks @yagmoth555, that helped me find the right direction. I ended up calling SonicWall support and they helped me, will post my resolution notes. – Scott Curtis Sep 08 '17 at 17:40
  • @ScottCurtis Glad to know it helped and that you found the solution! Don't forget to upvote if it helped and mark your answer too :) – yagmoth555 Sep 09 '17 at 11:33
0

So I spoke with SonicWall support, and followed their recommendations:

When using interfaces for the SonicPoints, all the confusion can be avoided using "L2 Bridged Mode" under Mode/IP Assignment once the WLAN Zone has been selected on the second SonicPoint. This is supposed to be pointed at the original interface.

My firmware on an NSA2600 model was too old and didn't support this option, so I ended up using a gigabit dumb switch off of the one interface instead. In this config, only one interface was configured for wireless and both SonicPoints were connected to it via the switch.

That turned my 2 separate subnets per SSID into one per SSID, allowing communication between the two APs.

From there, using the "Firewall" -> "Matrix", we allowed traffic from the Corp Wifi to the LAN, and vice versa. I could not ping until "Security Services" -> "Intrusion Prevention" -> "Low Priority" and "Security Services" -> "Anti-Spyware" -> "Low Danger Level Spyware" were disabled.

I used the internal DNS servers on our AD for the corporate wifi, and SonicWall's DHCP server.

In the end, no routing rules were needed, as by default all traffic can route but is blocked by the firewall.
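One way to confirm the segmentation goal from the question (Corporate reaches the LAN, Guest does not) is to run a small check from a client on each SSID. This is an added example, not part of the original answer or SonicWall tooling; the zone names, the address 192.0.2.10 and the use of RDP on TCP 3389 are constructed placeholders. It uses TCP rather than ping because ICMP was being blocked separately by the security services mentioned above.

```python
import socket
import sys

# Intended policy per client zone: (label, host, port, allowed).
# Constructed placeholders: replace 192.0.2.10 with a LAN host that listens on the port.
POLICY = {
    "corp":  [("LAN host RDP", "192.0.2.10", 3389, True)],
    "guest": [("LAN host RDP", "192.0.2.10", 3389, False)],
}

def tcp_probe(host, port, timeout=3.0):
    """Classify a TCP connection attempt.

    open     - handshake completed, traffic is passing end to end
    refused  - a reset came back (from the host, or from a firewall that rejects)
    filtered - no answer or unreachable, typical of a silent drop
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except OSError:  # timeout, no route, network unreachable
        return "filtered"

def audit(zone, policy=POLICY, probe=tcp_probe):
    """Return (label, expectation, observed_state) for every policy mismatch.

    For a blocked path only 'filtered' passes: 'refused' is reported because
    the reset may have come from the target host, meaning the packet got through.
    """
    findings = []
    for label, host, port, allowed in policy[zone]:
        state = probe(host, port)
        if allowed and state != "open":
            findings.append((label, "expected allow", state))
        elif not allowed and state != "filtered":
            findings.append((label, "expected block", state))
    return findings

if __name__ == "__main__":
    zone = sys.argv[1] if len(sys.argv) > 1 else "corp"
    results = audit(zone)
    for label, expectation, state in results:
        print(f"[{zone}] {label}: {expectation}, observed {state}")
    sys.exit(1 if results else 0)
```

Run it with `corp` or `guest` as the argument from a client on that SSID; a non-zero exit code means the observed reachability does not match the intended access rules.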