Designing with TZ Firewalls and X-Series Switches · 2016-09-09

PEAK16

Designing with TZ Firewalls and X-Series Switches

Sathya Thammanur, Sr. Product Manager
Kavitha Santhanakrishnan, Sr. Principal Engineer


PEAK16 · Dell - Internal Use - Confidential


AGENDA

• TECHNOLOGY BACKGROUND

• COMPETITIVE LANDSCAPE

• DEPLOYMENT SCENARIOS

• INTEGRATION ROADMAP

• Q & A

Challenge: Managing multiple point solutions

Small and Medium Business with a single location

Firewalls, Wireless, Switches

Secured retail network with single centralized management console

The SonicWALL Solution
1. Global Management System (GMS) manages firewalls
2. Firewalls control
• Access Points
• Switches
• Enforced Endpoints
• WAN Acceleration

SonicWALL Advantage
• Single Management Console
• Lower Operating Costs
• Converged Infrastructure
• Port Expansion Scalability

[Diagram labels: SonicWALL WAN Acceleration, SonicWALL SonicPoint, Dell X-Series Switch with PoE, GMS]

Key SonicWALL & Dell Solutions

• SonicWALL TZ Series: UTM / Next Gen. Firewall
• SonicPoints: Wireless Access Points
• X-Series Switches: Switches
• Global Management System (GMS): Management & Reporting

Secure Retail Solution – Competition

Feature comparison (vendor columns unlabeled in the transcript):

NGFW: √ √ √ √ √ √
HIGH PORT DENSITY SWITCHES: √ (THROUGH DELL) √ √ × × ×
ACCESS POINTS: √ √ √ × √ √
CONSOLIDATED MANAGEMENT: √ √ √ × × ×

SonicWALL Differentiation – Strong Deep Packet Inspection with integrated management for all critical network functions including security, wireless, switches and WAN acceleration using a single consolidated management console (GMS)

SonicOS 6.2.5: X-Series Switch Integration

TZ300/W, TZ400/W, TZ500/W, TZ600

X1008/P, X1018/P, X1026/P, X1052/P, X4012

• Provision X-Series switch as “Extended Switch”
• VLANs Support
• PortShield & Protection for Extended Switch
• High Availability & PortShield
• Diagnostics Support for Extended Switch
• Configure Extended Switch settings
• Manage Extended Switch Global Params
• Extended Switch Management via GMS (Requires GMS 8.1)

Provisioned Extended Switches

PortShield of X-Series switch ports

Extended Switch ports view with firewall interfaces

Extended Switch Statistics

Deployment Scenarios

Getting Started with X-Series Switch Integration

Assumptions
• Up to 2 Switches for Provisioning
• Switches must be in Managed Mode
• VLANs support via dedicated links only
• Config. of Switches via Firewall only

Single Switch · Multiple Switches · VLANs · High Availability

Initial X-Series switch / TZ firewall setup

• Ensure your X-Series switch is set to operate in Managed Mode

• Ensure the X-Series switch’s IP is set to Static IP instead of Dynamic IP

• Set username/password

• Do not perform any other configuration from the switch GUI. Doing so leaves the X-Series switch out of sync with the TZ firewall

• Ensure a TZ firewall interface is on the same subnet as the X-Series switch IP
– For example, to manage an X-Series switch with a default IP 192.168.2.1, an interface of the firewall needs to be configured in the 192.168.2.0/24 subnet and connected to the X-Series switch.

• Test for connectivity from the TZ firewall to the X-Series switch
– Ping the X-Series switch from the TZ firewall before provisioning/managing the switch.

Key Terminologies

• Common Uplink Configuration

• Dedicated Uplink(s) Configuration

• Hybrid Configuration with Common and Dedicated Uplink(s)

• Isolated Links for Management and Data Traffic

• Support for HA with Dedicated Uplink(s)

• Support for VLAN(s) with Dedicated Uplink(s)

Topology – Common Uplink

X1026P Interfaces:
2 – Switch Uplink + MGMT, 192.168.2.1/24
5 – PortShield to X0
9 – PortShield to X4

Firewall Interfaces:
X0 – LAN, 192.168.168.168/24
X3 – LAN, 192.168.2.2/24, Firewall Uplink + MGMT to X1026P
X4 – DMZ, 172.168.168.168/24

Topology – Hybrid Configuration Common and Dedicated Uplink(s)

Firewall Interfaces:
X0 – LAN, 192.168.168.168/24
X3 – LAN, 192.168.2.2/24, Firewall Uplink to X1026P
X4 – WLAN, L2B to X0, Dedicated Uplink

X1026P Interfaces:
2 – Switch Uplink + MGMT, 192.168.2.1/24
5 – PortShield to X0
7 – PortShield to X4, Dedicated Uplink
9 – PortShield to X4

Topology – Isolated links for Management & Data Traffic

Firewall Interfaces:
X0 – LAN, 192.168.168.168/24
X2 – LAN, 192.168.2.2/24
X3 – Firewall Uplink to X1026P
X4 – DMZ, 172.168.168.168/24

X1026P Interfaces:
1 – Switch MGMT, 192.168.2.1/24
2 – Switch Uplink
5 – PortShield to X0
9 – PortShield to X4

Topology – Multiple X-Series switches

X1026P Interfaces:
1 – Switch MGMT, 192.168.2.1/24
2 – Switch Uplink
5 – PortShield to X0

Firewall Interfaces:
X0 – LAN, 192.168.168.168/24
X2 – LAN, 192.168.2.2/24
X3 – Firewall Uplink to X1026P
X6 – LAN, 172.168.2.2/24 Firewall Uplink to X1008P

X1008P Interfaces:
6 – Switch MGMT + Switch Uplink, 172.168.2.1/24
7 – PortShield to X0

Topology – High Availability

DELL X1018 – 10.205.3.18
X1 – 10.205.3.33

Topology – VLAN(s) support with Dedicated Uplink(s)

• Port 3 is portshielded to X5 with dedicated uplink option

• Port 10 is portshielded to X5 and configured as a trunk to carry VLAN 100

• Port 11 is portshielded to X5 and configured as a trunk to carry VLAN 150

• Port 12 is portshielded to X5 and configured as an access to carry VLAN 200

Use Case – Extending Ports

X-Series switch default
User Name: admin
Password: admin
IP Address: 192.168.2.1

X4 & Port 6 are on the same subnet 192.168.2.0

From Port Configuration or Port Graphics:
• PortShield for Port 3 to X3
• PortShield for Port 5 to X5

Use Case – Extending Ports: Setting up PortShields

PortShielding example: X5 <-> Port 5 setup

Note: Multiple switch ports can be selected and configured with the same information


Use Case – Setting up dedicated link


Use Case – Adding Multiple Switches

Two Switches

• Switch ID 2 IP on same subnet as X4
• Switch port 8 set up as Uplink

Use Case – Configuring VLANs

VLANs

• Support for VLANs only using Dedicated Uplinks

• X5 is dedicated Uplink for Port 3 on switch

• VLANs 100, 150, 200 must be available on X5


VLAN Restrictions

• Support for VLANs is not available on common uplinks.
– For example, VLANs cannot be configured under the firewall interface, which is provisioned as the common uplink for the X-Series switch.

• Support for VLANs is only available on dedicated uplinks.

• No Overlapping VLANs allowed on TZ firewall interfaces configured as dedicated uplinks
– For example, if X3 and X5 are configured for dedicated uplinks, VLAN 100 will be disallowed to exist under both X3 and X5.
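The checks from the "Initial X-Series switch / TZ firewall setup" slide and the VLAN restrictions above can be run against a planned design before provisioning. This is an added example, not SonicWALL or Dell code; the plan layout (dictionary keys, `validate_plan`, `SAMPLE_PLAN`) is hypothetical and the sample values are constructed.

```python
# Added example: pre-provisioning checks for a planned TZ + X-Series design.
# The plan layout (dict keys) is hypothetical; the rules come from the slides.
import ipaddress
from collections import defaultdict

def validate_plan(plan):
    """Return a list of rule violations; an empty list means the plan passes."""
    errors = []
    fw = plan["firewall_interfaces"]
    switches = plan["switches"]
    if len(switches) > 2:
        errors.append("more than 2 switches provisioned")
    for sw in switches:
        name = sw["name"]
        if sw["mode"] != "managed":
            errors.append(f"{name}: not in Managed Mode")
        if not sw["static_ip"]:
            errors.append(f"{name}: IP must be static")
        # Some firewall interface must share the switch's management subnet.
        sw_ip = ipaddress.ip_address(sw["ip"])
        if not any(sw_ip in ipaddress.ip_interface(i["address"]).network
                   for i in fw.values() if i.get("address")):
            errors.append(f"{name}: no firewall interface on subnet of {sw_ip}")
    # VLANs are not supported on common uplinks and may not repeat
    # across interfaces configured as dedicated uplinks.
    owners = defaultdict(list)
    for ifname, i in fw.items():
        for vlan in i.get("vlans", []):
            if i.get("uplink") == "common":
                errors.append(f"{ifname}: VLAN {vlan} on a common uplink")
            elif i.get("uplink") == "dedicated":
                owners[vlan].append(ifname)
    for vlan, ifs in sorted(owners.items()):
        if len(ifs) > 1:
            errors.append(f"VLAN {vlan} overlaps on {', '.join(sorted(ifs))}")
    return errors

# Constructed sample plan, loosely following the slides' addressing.
SAMPLE_PLAN = {
    "switches": [{"name": "X1026P", "ip": "192.168.2.1",
                  "mode": "managed", "static_ip": True}],
    "firewall_interfaces": {
        "X2": {"address": "192.168.2.2/24", "uplink": "common", "vlans": [300]},
        "X3": {"address": None, "uplink": "dedicated", "vlans": [100]},
        "X5": {"address": None, "uplink": "dedicated", "vlans": [100, 150, 200]},
    },
}

if __name__ == "__main__":
    for problem in validate_plan(SAMPLE_PLAN):
        print("FAIL:", problem)
```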


Use Case – Setting up Wireless Access

Setup wireless using dedicated uplink

Use Case – Setting up Wireless Access

PortShield wireless traffic to X4 VLANs

Select VLANs

Note: SonicPoints require PoE+ ports to power them; X1026P, X1052P are the only switches with PoE+ ports

X-Series Integration Demo

Demo Setup

[Diagram: firewall interfaces X0, X1, X3, X4, X5, X6; switches DELL X1008 and DELL X1026P; hosts H1, H2, H3, H4; GMS]

• Common Uplink

• SonicPoint

• VLANs

• Multiple Switches

• GMS

Distributed Network Demo – Set Up

Host Configurations

1. H1 – 192.168.168.50 Connected to X0, 10.205.3.3 (RDP)

2. H2 – 100.1.1.229 Connected to Port 5 of Switch, PortShield to X3, Access VLAN 100, 10.205.3.229 (RDP)

3. H3 – Wireless PC Connected to SonicPoint, 10.205.3.226 (RDP)

4. H4 – 100.1.1.229 Connected to Port 5 of Switch, PortShield to X3, Access VLAN 100, 10.205.3.229 (RDP)

5. GMS – 10.202.53.183

Firewall Interfaces

1. X0 – 192.168.168.168/24 Connected to H1

2. X1 – WAN – 10.205.3.40/24

3. X3 – Firewall Uplink + Management Link to X1026P Switch – 192.168.2.2/24

4. X3:V100 – 100.1.1.40/24

5. X4 – WLAN – L2B to X0

6. X4:V50 – 50.1.1.1/24 – GuestWiFi

7. X4:V60 – 60.1.1.1/24 – CorpWiFi

8. X5 – Management Link to X1008 – 192.168.3.2/24

9. X6 – Firewall Uplink to X1008 – Unassigned

X1026P Switch Interfaces

1. Port 2 – Switch Uplink + Management Link to firewall, Connected to X3

2. Port 3 – Connected to X4, PS to X4 (Dedicated Link)

3. Port 4 – SonicPoint ACi, PS to X4, Trunk

4. Port 5 – Connected to H2, PS to X3, Access VLAN 100

X1008 Switch Interfaces

1. Port 1 – Switch management Connected to X5

2. Port 2 – Uplink to firewall Connected to X6

3. Port 3 – Connected to H4, PS to X0

Demo


Logging/Syslog, Diagnostics Support

• Syslog support available for the following critical events
– Add/Delete of switch
– Network events like Port Up/Down

• Diagnostics Support
– Statistics of Extended Switch Ports
– Upgrade of firmware image, boot image on the Extended Switch
– Reload of the Extended Switch

[Screenshots: Extended Switch Statistics, Extended Switch Restart, Firmware Management]

Looking into the TSR

• Extended Switch information

• Extended Switch Statistics

Resources

Online Resources
• eBook
• Tech Brief
• FAQ
• Updated Datasheet
• Updated Retail Page

People you need to know

Product Management: Sathya Thammanur, Scott Grebe

Q & A


Thank You.