
Dell SonicWALL X-Series Solution Deployment Guide

Configuring the X-Series Solution in various topologies


Configuring HA and PortShield with dedicated uplink(s)

There are two ways to configure HA units with dedicated uplinks:

Configuring HA using one extended switch management port on page 35

Configuring HA using two extended switch management ports on page 36

Configuring HA using one extended switch management port

In this configuration with PortShield functionality in HA mode, firewall interfaces that serve as PortShield hosts 
should be connected to the X-Series switch on both the active and standby units. The PortShield members 
should also be connected to ports on the X-Series switch. The link between the firewall interface serving as the 
PortShield host and the X-Series switch is set up as a dedicated uplink.

Figure 5 shows a TZ300 HA pair with an X1026 switch and one dedicated link:

The firewall interfaces, X3 and X4, on the primary unit are connected to ports 12 and 13 on the X-Series 
switch. 

X3 and X4 are configured as PortShield hosts. 

Similarly, the firewall interfaces X3 and X4 on the secondary unit are connected to ports 14 and 15 on the 
X-Series switch. 

Ports 12 and 14 on the X-Series switch are portshielded to X3 with the dedicated uplink option enabled. 

Ports 13 and 15 on the X-Series switch are portshielded to X4 with the dedicated uplink option enabled. 

Ports 2 and 4 are portshielded to X3. 

Ports 3 and 5 are portshielded to X4. 

When the secondary unit acts in active HA mode, traffic between H1 and X3 is carried over the dedicated link 
between X3 and port 14, and traffic between H3 and X4 is carried over the dedicated link between X4 and port 13. 

The link between the firewall interface X0 and port 1 on the X-Series switch carries the management traffic used to 
manage the switch from the firewall. In such a configuration, X0 is configured to be in the same subnet as the 
switch. X0 on both the primary and the secondary unit must also be connected to port 1 of the switch (for 
example, via a hub) so that when the secondary firewall becomes the active unit, the switch can be managed 
via the link between the firewall interface X0 on the secondary and port 1 of the switch. In such a 
configuration, when the switch is provisioned, the Primary Switch Management and Secondary Switch 
Management are both set to 1.

Figure 5. HA pair using one extended switch management port topology

IMPORTANT: To use the TZ/X-Switch Solution with HA, you must first create an HA system, and then add the Dell X-Switch.
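
An added example, not part of the Dell guide: a Python check of the wiring plan described above that verifies each PortShield host has exactly one dedicated uplink from each HA unit, so a failover never leaves a host without its uplink. The SwitchPort model and the function names are illustrative assumptions; the port numbers are taken from the cabling listed in the text.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class SwitchPort:
    port: int                    # X-Series switch port number
    host: str                    # firewall interface it is portshielded to
    dedicated: bool = False      # "dedicated uplink" option enabled
    unit: Optional[str] = None   # HA unit cabled to this port (uplinks only)

# Constructed from the port assignments listed in the text (hypothetical model).
FIGURE5 = [
    SwitchPort(12, "X3", True, "primary"),
    SwitchPort(13, "X4", True, "primary"),
    SwitchPort(14, "X3", True, "secondary"),
    SwitchPort(15, "X4", True, "secondary"),
    SwitchPort(2, "X3"), SwitchPort(4, "X3"),
    SwitchPort(3, "X4"), SwitchPort(5, "X4"),
]
# One extended switch management port: both settings are 1.
MGMT = {"primary": 1, "secondary": 1}
UNITS = ("primary", "secondary")

def check_plan(ports, mgmt):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    seen = set()
    for p in ports:
        if p.port in seen:
            problems.append(f"port {p.port} is assigned twice")
        seen.add(p.port)
        if p.port in mgmt.values():
            problems.append(f"port {p.port} is both management and PortShield")
        if p.dedicated and p.unit not in UNITS:
            problems.append(f"port {p.port}: dedicated uplink has no HA unit")
    for host in sorted({p.host for p in ports}):
        for unit in UNITS:
            n = sum(p.host == host and p.dedicated and p.unit == unit for p in ports)
            if n != 1:
                problems.append(f"{host}: {n} dedicated uplink(s) from {unit}, expected 1")
    for unit in UNITS:
        if unit not in mgmt:
            problems.append(f"no switch management port set for {unit}")
    return problems

def active_uplinks(ports, active_unit):
    """Map each PortShield host to the switch port cabled to the active unit."""
    return {p.host: p.port for p in ports if p.dedicated and p.unit == active_unit}

if __name__ == "__main__":
    print(check_plan(FIGURE5, MGMT) or "plan is consistent")
    for unit in UNITS:
        print(unit, "active ->", active_uplinks(FIGURE5, unit))
```

Running the check against a planned port assignment before provisioning the switch catches a missing standby-unit uplink or a management port that has also been portshielded.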
