03-22-2017 11:22 PM - edited 03-03-2019 08:30 AM
Hello Friends,
I am going to deploy a network with multiple VLANs. I have been using Cisco firewalls, but this time the customer is short on money, so I had to install a Dell SonicWall firewall there. Now the thing is that I want to add multiple VLANs (2 or more) and want to grant them access to the internet. Please correct me if I am wrong:
1. I will have to create sub-interfaces for each VLAN on the switchport where I will connect the SonicWall, configure that port as a trunk, and configure virtual sub-interfaces on the firewall's (X0) LAN interface?
2. NAT policy: I have multiple subnets and want to create inbound/outbound NAT policies. What is the best practice?
03-23-2017 02:39 AM
For the routing you are much better off just creating a small transit VLAN between your core switch and the firewall. Then you only need that one inside interface on the firewall and it serves as the default gateway for the core switch. All non-local traffic from behind the core switch would then be routed outbound through there.
For NAT you can just make a single dynamic NAT policy translating internal addresses to the firewall's public interface. Unless you have scaling or regulatory/legal concerns, that is the quickest and easiest setup.
03-23-2017 03:30 AM
Okay, so I should create multiple VLANs on the switch, create SVIs for routing, then configure a default gateway that points towards the firewall's IP, with one separate VLAN between the switch and the firewall? So there is no need to configure the port as a trunk, right?
I will have to configure NAT on the firewall, as there is no option to configure NAT on the Cisco 3850.
03-23-2017 03:34 AM
Yes, that's correct.
Technically you will be creating a default route on the core switch since it's a L3 switch. It would be a default gateway if the switch were L2 only.
i.e.:
ip route 0.0.0.0 0.0.0.0 <firewall inside address>
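The switch side of the setup described in this thread (routed SVIs, a transit VLAN to the firewall, and a default route to the firewall's inside address), as an added example that is not from the thread. VLAN ids, subnets, the uplink port, and the firewall's transit address 192.168.99.1 are assumed values.

```cisco
! Added example (not from the thread): Catalyst 3850 side of the design.
! Assumed values: VLANs 10/20 for users/servers, VLAN 99 as the transit
! VLAN, firewall X0 at 192.168.99.1, switch uplink on Gi1/0/48.
ip routing
!
vlan 10
 name USERS
vlan 20
 name SERVERS
vlan 99
 name FW-TRANSIT
!
! Routed SVIs: these are the default gateways for hosts in each VLAN
interface Vlan10
 ip address 192.168.10.1 255.255.255.0
interface Vlan20
 ip address 192.168.20.1 255.255.255.0
!
! Transit VLAN toward the SonicWall X0 interface; only the switch
! and the firewall live in this subnet
interface Vlan99
 ip address 192.168.99.2 255.255.255.0
!
! The port facing the firewall is an access port in the transit VLAN,
! not a trunk, because the firewall only needs one inside address
interface GigabitEthernet1/0/48
 description To SonicWall X0
 switchport mode access
 switchport access vlan 99
!
! Default route: all non-local traffic is sent to the firewall's
! inside (transit VLAN) address
ip route 0.0.0.0 0.0.0.0 192.168.99.1
```

On the firewall, X0 takes 192.168.99.1/24 and needs static routes for 192.168.10.0/24 and 192.168.20.0/24 via 192.168.99.2, or return traffic will have no path back to the user VLANs; the single outbound NAT policy then translates those internal subnets to the WAN interface address.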
03-23-2017 03:37 AM
I will try it out. Thank you, Sir.