Hello folks,

We have a SonicWALL firewall with interface X2 configured as "Portshield to X1". Interface X1 has an IP address and X2 does not. I investigated what portshield was and I came to the conclusion it's basically binding both interfaces in the same subnet; the "master" port is then the only one with an IP address, and the "slave" port does not have an IP address but is in the same subnet as the "master" one (like a switch). I guess this is like when we have an SVI in a Cisco switch environment and then have 2 interfaces in that VLAN; the only difference is that in the SonicWALL the IP is configured on one of the interfaces itself and not in a "virtual interface". That is my understanding, please correct me if I missed something.

Anyway, my issue is that I need to know what is physically connected to X2, because we only have 1 switch in that site and I found only one interface connected to it from the firewall, which is X1. I found only the SonicWall MAC address from X1 in the switch, nothing else. However, the X2 interface on the SonicWALL says under status: "1 Gbps Full Duplex". It does not say "No link". I don't have much experience working with SonicWall, but when an interface says something like "1 Gbps Full Duplex" that means that it is connected to something indeed. Thing is, I am not able to figure out where X2 is connected to.

So here is my question: how could I find the MAC addresses connected to my X2 interface, so I can figure out what is connected to that port?

Note: The ARP table on the SonicWall GUI does not show anything out of port X2, only X1 and the other interfaces (maybe that's the normal behavior for a portshield interface, not sure).

Also, am I safe to assume that since X2 is showing "1 Gbps Full Duplex" there is something connected to it?

Thanks for the help!!
07/05/2022

Port Shield architecture enables you to configure some or all of the LAN ports into separate security contexts, providing protection not only from the WAN and DMZ but also between devices inside your network. In effect, each context has its own wire-speed Port Shield that enjoys the protection of a dedicated, deep packet inspection firewall.

NOTE: Zones can always be applied to multiple interfaces on the Network | Interfaces page, even without the use of Port Shield groupings. However, these interfaces will not share the same network subnet unless they are grouped using Port Shield.

This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The resolution below is for customers using SonicOS 7.X firmware.

To configure a Port Shield interface, perform the following steps:
1. Click on the Network | Interfaces page.
2. Click the Configure button for the interface you want to configure. The Edit Interface window displays.
3. In the Zone pulldown menu, select a zone type option to which you want to map the interface. NOTE: You can add Port Shield interfaces only to Trusted, Public, and Wireless zones.
4. In the IP Assignment pulldown menu, select Port Shield Switch Mode.
5. In the Port Shield to pulldown menu, select the interface you want to map this port to. Only ports that match the zone you have selected are displayed.

EXAMPLE: X6 interface port shielded to X0 LAN.
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The resolution below is for customers using SonicOS 6.5 firmware.

To configure a Port Shield interface, perform the following steps:
1. Navigate to the Network | Interfaces page.
2. Click the Configure button for the interface you want to configure. The Edit Interface window displays.
3. In the Zone pulldown menu, select a zone type option to which you want to map the interface. NOTE: You can add Port Shield interfaces only to Trusted, Public, and Wireless zones.
4. In the IP Assignment pulldown menu, select Port Shield Switch Mode.
5. In the Port Shield to pulldown menu, select the interface you want to map this port to. Only ports that match the zone you have selected are displayed.

EXAMPLE: X4 interface port shielded to X0 LAN.
07/28/2022

Transparent Mode works by defining a Transparent Range whose addresses retain their original source IP address (they are not NAT'd) when traffic egresses from the WAN interface. A PortShield interface, by contrast, is a virtual interface with a set of ports assigned to it. The interfaces in a PortShield group share the same network subnet. A PortShield interface can work in two modes (Static and Transparent). This article covers how to configure a PortShield interface in transparent mode.

This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The resolution below is for customers using SonicOS 7.X firmware. We are going to configure PortShield for Transparent mode.
Create Address Object for DMZ Range:
NOTE: The address range must be within the WAN zone and must not include the WAN interface and WAN gateway IP address.

Configure Transparent Mode:

NOTE: The WAN interface IP address must be statically assigned when configuring transparent mode.
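The two NOTEs above can be checked before the address object is created. The following is an added example, not part of the SonicWall article: the function name and parameters are hypothetical, the addresses are constructed from the documentation range 203.0.113.0/24, and "within the WAN zone" is read here as "inside the WAN interface's subnet", which is an assumption.

```python
import ipaddress


def check_transparent_range(wan_ip, wan_prefix, wan_gateway,
                            range_start, range_end, wan_ip_mode="static"):
    """Return a list of problems; an empty list means the range passes.

    Hypothetical helper: it encodes only the constraints stated in the
    NOTEs above and does not talk to a firewall.
    """
    problems = []
    wan_if = ipaddress.ip_interface(f"{wan_ip}/{wan_prefix}")
    gateway = ipaddress.ip_address(wan_gateway)
    start = ipaddress.ip_address(range_start)
    end = ipaddress.ip_address(range_end)

    # The WAN interface IP must be statically assigned for transparent mode.
    if wan_ip_mode != "static":
        problems.append("WAN interface IP must be statically assigned")

    if start > end:
        problems.append("range start is above range end")
        return problems

    # Assumption: "within the WAN zone" means inside the WAN subnet.
    if start not in wan_if.network or end not in wan_if.network:
        problems.append(f"range is not inside WAN subnet {wan_if.network}")

    # The range must not include the WAN interface or WAN gateway address.
    if start <= wan_if.ip <= end:
        problems.append(f"range includes WAN interface IP {wan_if.ip}")
    if start <= gateway <= end:
        problems.append(f"range includes WAN gateway {gateway}")
    return problems


if __name__ == "__main__":
    # Constructed sample: WAN 203.0.113.2/29, gateway 203.0.113.1.
    for rng in (("203.0.113.3", "203.0.113.6"),    # acceptable range
                ("203.0.113.1", "203.0.113.6"),    # swallows gateway and WAN IP
                ("203.0.113.3", "203.0.113.10")):  # leaves the /29
        issues = check_transparent_range("203.0.113.2", 29, "203.0.113.1", *rng)
        print(rng, "->", issues or "OK")
```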
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware. We are going to configure PortShield for Transparent mode.
To configure the PortShield interface in transparent mode, please complete the following steps. Create Address Object for DMZ Range:
Configure Transparent Mode:
Configure PortShield Mode:
Configuring the servers connected to the PortShield interfaces X2 and X3.
Access Rule from WAN to DMZ
Check the configuration from the WAN side.
The resolution below is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer, we suggest upgrading to the latest general release of SonicOS 6.5 firmware. We are going to configure PortShield for Transparent mode.
To configure the PortShield interface in transparent mode, please complete the following steps.