SonicWALL 5.8.1 Microscope & Magnifier User Manual


Network > Interfaces
SonicOS 5.8.1 Administrator Guide
Perimeter Security
The following diagram depicts a network where the SonicWALL is added to the perimeter for
the purpose of providing security services (the network may or may not have an existing firewall
between the SonicWALL and the router).
In this scenario, everything below the SonicWALL (the Primary Bridge Interface segment) will
generally be considered as having a lower level of trust than everything to the left of the
SonicWALL (the Secondary Bridge Interface segment). For that reason, it would be appropriate
to use X1 (Primary WAN) as the Primary Bridge Interface.
Traffic from hosts connected to the Secondary Bridge Interface (LAN) would be permitted
outbound through the SonicWALL to their gateways (VLAN interfaces on the L3 switch and then
through the router), while traffic from the Primary Bridge Interface (WAN) would, by default, not
be permitted inbound.
If there were public servers, for example, a mail and Web server, on the Secondary Bridge
Interface (LAN) segment, an Access Rule allowing WAN->LAN traffic for the appropriate IP
addresses and services could be added to allow inbound traffic to those servers.
[Figure: Perimeter Security network diagram. Labels recovered from the figure:]

SonicWALL Firewall L2 Bridge Mode (device labels: NSA 240, NSA 2400)
  X0 (LAN): IP = Transparent Mode (Range 192.168.0.100 to 192.168.0.250), MAC = 00:06:B1:10:10:10
  X1 (WAN): IP = 192.168.0.12/24, MAC = 00:06:B1:10:10:11, GW = 192.168.0.1

Workgroup Switch, VLAN 100, LAN 10.0.100.x/24
  WorkStation: IP = 10.0.100.200/24, GW = 10.0.100.1, MAC = 00:11:55:66:77:88
  Server: IP = 10.0.100.100/24, GW = 10.0.100.1, MAC = 00:CC:AA:BB:EE:EE

Workgroup Switch, VLAN 200, LAN 10.0.200.x/24
  WorkStation: IP = 10.0.200.200/24, GW = 10.0.200.1, MAC = 00:11:22:33:44:55
  Server: IP = 10.0.200.100/24, GW = 10.0.200.1, MAC = 00:AA:BB:CC:DD:EE

Switch

L3 Switch
  VLAN Interface 100: IP = 10.0.100.1
  VLAN Interface 200: IP = 10.0.200.1
  Gateway 10.0.0.1 (default VLAN)
  VLAN Trunk: VID 100, VID 200, Default VLAN

Router
  Interface e0: IP = 10.0.0.1
  Interface s0: ISP Assigned

Internet