November 12th, 2012 11:00

Dell PowerConnect Switches and Sonic Firewall DMZ Config

Hello everyone,

I have 2 x Dell PowerConnect 6224 switches and 2 x Dell 2400 SonicWall 2400. I have configured all my VLANs to run on the L3 switches and left the SonicWall to manage Internet access and filtering.

I would like to know what the best practices are when it comes to setting up a DMZ. I was unable to find any good documents that talk about L3 switches with SonicWall.

The question is: should I set up the DMZ on the switch (using ACL) to control it, or set it up on the firewall?

Thank you,

Adam


November 12th, 2012 12:00

From what I have read and seen, it would appear that common practice would be to place the DMZ on the firewall.

Looking at some network topology examples, the DMZ is usually on the Firewall.

http://www.cisco.com/en/US/prod/collateral/wireless/ps5755/ps6301/ps6386/images/0900aecd8031925c_null_null_null_06_22_05-4.jpg

2400 guide with some DMZ info

www.sonicwall.com/.../sonicwall_nsa_2400_getting_started_guide.pdf

Video on DMZ configuration that may be of some help.

I would not hesitate to contact SonicWall support to see if they have any additional documentation they can send you on this.

o-www.sonicwall.com/.../contact.html

Thanks

November 13th, 2012 05:00

Thank you, Daniel, for your help.

My setup is a bit complex as it involves configuring a hypervisor (XenServer, L3 switches and SonicWall firewall).

I set up all of my VLANs on the L3 switch, enabled routing, connected it to the SonicWall via an uplink (trunk) and created another (trunk) port for my XenServer connection. Everything is now working fine.

As for the DMZ, I know it should be done on the firewall. But when I contacted SonicWall support they did not know how to route between the DMZ and my other VLANs that are on the switch. Then they said your DMZ should be done on the switch level since the other VLANs are managed by it, which I did not like; therefore I came to the support forums to double check.

Then yesterday I found this post, which talks about setting up a DMZ on the firewall in virtualized environments while using L3 switches!

networkrob.blogspot.ca/.../creating-dmz-on-asa-for-virtual.html

Based on this post, just like what I did earlier:

1. On the L3 switches: set up the VLAN ID (do not assign an IP address); instead, just assign it to a trunk port that is connected to the SonicWall firewall.

2. On the SonicWall, set up your DMZ. It can be added as sub-interfaces so you don't have to use a physical port (very important nowadays!).

3. Configure the necessary routes / firewall rules on the SonicWall. I think at this point I would have to speak to level 2 or 3 support to help me sort out this problem.
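A design check for the three steps above, as an added example that is not part of the original post: it flags a DMZ VLAN that the L3 switch could route to directly, which would let traffic bypass the firewall rules. The `audit_dmz` function, VLAN IDs and subnets are constructed for illustration and are not taken from the thread.

```python
import ipaddress

def audit_dmz(switch_svis, trunk_vlans, fw_subifs, dmz_vlans):
    """Check that the firewall, not the L3 switch, is the only router for each DMZ VLAN.

    switch_svis: {vlan_id: "ip/prefix"} for VLANs that have an IP on the switch
    trunk_vlans: VLAN IDs tagged on the switch-to-firewall trunk
    fw_subifs:   {vlan_id: "ip/prefix"} for firewall sub-interfaces
    Returns a list of (vlan_id, finding) tuples; empty means the design is consistent.
    """
    findings = []
    routed = {v: ipaddress.ip_interface(a).network for v, a in switch_svis.items()}
    for vlan in sorted(dmz_vlans):
        if vlan in routed:
            # Step 1 violated: the switch would route into the DMZ itself.
            findings.append((vlan, "switch has an IP on the DMZ VLAN and can route around the firewall"))
        if vlan not in trunk_vlans:
            findings.append((vlan, "DMZ VLAN is not tagged on the trunk to the firewall"))
        if vlan not in fw_subifs:
            # Step 2 missing: DMZ hosts have no gateway on the firewall.
            findings.append((vlan, "no firewall sub-interface for the DMZ VLAN"))
            continue
        dmz_net = ipaddress.ip_interface(fw_subifs[vlan]).network
        for other, net in routed.items():
            if other != vlan and dmz_net.overlaps(net):
                findings.append((vlan, f"DMZ subnet {dmz_net} overlaps switch-routed VLAN {other}"))
    return findings

# Constructed sample designs: VLAN 50 is the DMZ, VLAN 99 a transit link to the firewall.
GOOD = dict(
    switch_svis={10: "10.0.10.1/24", 20: "10.0.20.1/24", 99: "10.0.99.2/30"},
    trunk_vlans={50, 99},
    fw_subifs={50: "172.16.50.1/24", 99: "10.0.99.1/30"},
    dmz_vlans={50},
)
# Same design, but the switch was also given an address in the DMZ VLAN.
BAD = dict(GOOD, switch_svis={**GOOD["switch_svis"], 50: "172.16.50.2/24"})

if __name__ == "__main__":
    for name, design in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_dmz(**design) or "no findings")
```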


November 13th, 2012 08:00

That is a nice blog post. Here are some links with some good information and scenarios on using/implementing ACLs.

www.dell.com/.../pwcnt_IP_ACLs.pdf

www.dell.com/.../app_note_10.pdf

www.dell.com/.../app_note_3.pdf

The information in the above documents should help in getting a start on creating the ACLs on the switch. If you have any questions, or want help reviewing the ACLs you are implementing, I will do my best to help.

Thanks.
