How to set up Static Routes?
-
"If I can use the "Opt1" port on the SG3100 for the connection to the SonicWALL, that will help with the rest of my network physical setup."
Yeah you would connect any sort of other router via a transit network.. So yes using optX interface would be good for that.
You then just create static routes down the transit network to use the sonicwall.
But really with viragomann here - drawing is worth 10K words.. Please draw up how your network is currently and how you believe it should look in FMO..
-
I have attached an image showing our current and planned maps. The "Ports" list on the links to the SG3100 refers to the ports on the SG3100 only. I hope this helps. The goal of the static route is: Our business system uses a terminal emulator to connect to an offsite server. I need to point all 10.8.10.0/24 traffic to the SonicWALL (hopefully on the OPT1 port) and all other traffic to the WAN port. The reason for this is our business system provider requires us to use their SonicWALL for the VPN connection. For their security reasons, we are not allowed to have any access to the SonicWALL to make any changes.
-
What network is on the wan port? You're behind a cable modem so you get multiple public IPs from your ISP, or is that really a gateway doing nat? and this wan network some rfc1918 space?
Is that switch smart or just a dumb switch so your pfsense and sonic wall sharing the same layer 2 network?
But sure such a setup is very possible. But if you can not make any changes on the sonic wall you would have to nat the traffic.. And you would not be able to have 192.168.1 on your lan and your opt network.
You would need your lan to use a different network than what sonicwall is currently using..
-
The network on the WAN port is just the switch (dumb switch).
We currently have a single static IP but we will have 5 once this is implemented.
The purpose of the dumb switch on the WAN port is for connecting multiple devices to the cable modem.
The SG3100 will have one static IP and the SonicWALL will have its own.
-
Great.. What is that network behind the sonicwall… You can not route to it from pfsense if it's going to be the same network as pfsense 192.168.1 lan network.. If you can not set up this sonic wall network, then the network you put behind pfsense is going to have to be something different.
-
Physically speaking, nothing is behind the SonicWALL. It will have its own IP address (not sure what it will be just yet). It will also no longer have DHCP turned on. Its only reason to exist is to maintain the VPN tunnel to our business system.
-
You stated you can not make changes to the sonicwall.. So you can get them to put whatever IP on it you want? Will they be able to put routes on it for you? Or you going to have to nat..
-
They will change its IP address. I assume it can be anything I want. The only routes they will set up on the SonicWALL are whatever they need for the VPN tunnel. I'm hoping to set up pfSense to route all 10.8.10.0/24 traffic to the SonicWALL and everything else will go through the SG3100.
-
The planned configuration looks fine, but bear in mind that you would need to add static routes to the SonicWall as well so it can route the packets back. As is, the SonicWall does not know where your LAN segment is.
There are multiple solutions for this depending on how much you can tinker with the SonicWall. Your planned configuration is my favorite, but if you cannot add static routes on it, you can also NAT on pfSense's OPT1. Or you can leave the SonicWall directly hanging on your LAN (with some security considerations) and the single static route on pfSense would do the trick.
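
Added example, not part of the original thread: a small Python model of the forward and return paths discussed above, showing why the static route on pfSense alone is not enough and how a route back on the SonicWall or NAT on OPT1 fixes the reply path. Only 10.8.10.0/24 and 192.168.1.0/24 come from the thread; the LAN and transit addressing, the SonicWall routing table and all function names are constructed assumptions.

```python
import ipaddress as ip

def build(routes):
    return [(ip.ip_network(net), hop) for net, hop in routes]

def lookup(table, dst):
    """Longest-prefix match: next hop for dst, or None if nothing matches."""
    addr = ip.ip_address(dst)
    hits = [(net, hop) for net, hop in table if addr in net]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

# Constructed addressing (assumptions, not values from the thread)
LAN = "192.168.10.0/24"        # pfSense LAN, moved off 192.168.1.0/24
TRANSIT = "172.16.0.0/30"      # OPT1 <-> SonicWall transit network
PFSENSE_OPT1 = "172.16.0.1"
SONICWALL = "172.16.0.2"
REMOTE = "10.8.10.0/24"        # from the thread: traffic that must use the VPN

PFSENSE = build([
    ("0.0.0.0/0", "WAN"),      # everything else leaves via WAN
    (REMOTE, SONICWALL),       # the static route down the transit network
    (TRANSIT, "connected"),
    (LAN, "connected"),
])

def sonicwall_table(route_back):
    """Assumed SonicWall routes; route_back adds the LAN via pfSense OPT1."""
    routes = [("0.0.0.0/0", "WAN"), (REMOTE, "VPN"), (TRANSIT, "connected")]
    if route_back:
        routes.append((LAN, PFSENSE_OPT1))
    return build(routes)

def round_trip(client, server, route_back, nat_on_opt1):
    """True when both the request and the reply have a usable path."""
    if lookup(PFSENSE, server) != SONICWALL:
        return False           # request never reaches the SonicWall
    # With outbound NAT on OPT1 the SonicWall only sees pfSense's OPT1 address
    seen_src = PFSENSE_OPT1 if nat_on_opt1 else client
    reply_hop = lookup(sonicwall_table(route_back), seen_src)
    return reply_hop in ("connected", PFSENSE_OPT1)

def overlaps(a, b):
    """Two interfaces cannot be routed between if their networks overlap."""
    return ip.ip_network(a).overlaps(ip.ip_network(b))

if __name__ == "__main__":
    for rb, nat in [(False, False), (True, False), (False, True)]:
        ok = round_trip("192.168.10.50", "10.8.10.25", rb, nat)
        print(f"route_back={rb} nat_on_opt1={nat} -> reply reaches client: {ok}")
    print("LAN and OPT1 both 192.168.1.0/24 overlap:",
          overlaps("192.168.1.0/24", "192.168.1.0/24"))
```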
-
They will configure the SonicWall on their end. I just need to make sure that pfSense is routing correctly on my end.