SonicWall Firewall Configuration Guide

Avatar
Chris Van Oort
Follow

Please Note: 

  • All testing was done on a SonicWALL TZ300 firewall, running SonicOS Enhanced 6.2.9.1

  • Click screenshots to view at full size.

Configuration:

Power on the RocketFailover device, and make sure the Ethernet cable is connected to the desired port you want for the secondary WAN.

sonicwall-1-interfaces.png

Under “Network”, select “Interfaces”. Click “Configure” for the Interface you have plugged the RocketFailover device into.

sonicwall-2-edit_interface.png

Enter the IP address information as a “Static” IP assignment, and use the Google public DNS servers. Also be sure to check the boxes under Management on how you would like to manage the firewall in the event of a failover.

sonicwall-3-failover_lb.png

Next, Click on “Failover & LB” under “Network”.  Click “Configure” under the Default LB Group in “Groups”

sonicwall-4-failover_lb_group.png

Under the “General” Tab, Make sure the type is set to “Basic Failover” and the “Preempt and failback to preferred interfaces when possible” is checked to allow the failback.  Check the selected interfaces to make sure they are in the correct order for failover.

sonicwall-5-failover_lb_group_probing.png

Click on the “Probing” tab and set this tab to your desired preferences.  In the above screenshot, the device will failover after 1 minute of downtime. Note: This may increase data usage on the RocketFailover connection if these settings are set to check the interface too frequently.

sonicwall-6-addressing_objects.png

Next, we will create and alias for the iStatus Hosts that we will use to setup ConnectionValidation for the RocketFailover device.

Under “Network”, select “Address Objects”.  Click the “Add” button at the bottom to create a new Address Object.

sonicwall-7-new_addressing_object.png

Match the following screenshot to setup the Address Object.

sonicwall-8-routing.png

 

Next we will setup the Route Policy to enable ConnectionValidation on the RocketFailover device.

Under “Network”, select “Routing”.  Then click the “Add” button at the bottom to add a new route policy.

sonicwall-9-iStatusRoutePolicy.png

Change the “Source” to LAN Subnets, this will include the iStatus device.  If you prefer, you may use a DHCP reservation for the iStatus device, and then create an Address Object to define the iStatus device, and use that Address Object here instead.

Change the “Destination” to your recently created “iStatusFailover” Address Object

Set the service to “Any”.

Set the “Gateway” to the RocketFailover Interface’s Default Gateway

Set the “Interface” to the RocketFailover Interface you have configured

Set the “Metric” to 1

Make sure the “Disable route when interface is disconnected” is not checked.

sonicwall-10-DNS.png

To enable seamless failover, set the DNS servers in the firewall to the Google public DNS servers.

Under “Network”, select “DNS”.

 

Select “Specify IPv4 DNS Servers Manually”, and set the DNS servers as shown above.

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.