PEAK16Dell - Internal Use - Confidential PEAK16
Designing with TZ Firewalls and X-Series Switches
Sathya Thammanur, Sr. Product Manager
Kavitha Santhanakrishnan, Sr. Principal Engineer
AGENDA
• TECHNOLOGY BACKGROUND
• COMPETITIVE LANDSCAPE
• DEPLOYMENT SCENARIOS
• INTEGRATION ROADMAP
• Q & A
Challenge: Managing multiple point solutions
Small and Medium Business with a single location
Firewalls, Wireless, Switches
Secured retail network with single centralized management console
SonicWALL WAN Acceleration
SonicWALL SonicPoint
Dell X-Series Switch with PoE
GMS
The SonicWALL Solution
1. Global Management System (GMS) manages firewalls
2. Firewalls control
• Access Points
• Switches
• Enforced Endpoints
• WAN Acceleration
SonicWALL Advantage
Single Management Console
Lower Operating Costs
Converged Infrastructure
Port Expansion Scalability
Key SonicWALL & Dell Solutions
• SonicWALL TZ Series: UTM / Next Gen. Firewall
• SonicPoints: Wireless Access Points
• X-Series Switches: Switches
• Global Management System (GMS): Management & Reporting
Secure Retail Solution – Competition
NGFW √ √ √
HIGH PORT DENSITY
√ √ √
SWITCHES √ THROUGH DELL
√ √ × × ×
ACCESS POINTS √ √ √ × √ √
CONSOLIDATED MANAGEMENT √ √ √ × × ×
SonicWALL Differentiation – Strong Deep Packet Inspection with integrated management for all critical network functions including security, wireless, switches and WAN acceleration using single consolidated management console (GMS)
SonicOS 6.2.5: X-Series Switch Integration
Extended Switch Management via GMS (Requires GMS 8.1)
Firewalls: TZ300/W, TZ400/W, TZ500/W, TZ600
Switches: X1008/P, X1018/P, X1026/P, X1052/P, X4012
• VLANs Support
• Provision X-Series switch as “Extended Switch”
• PortShield & Protection for Extended Switch
• High Availability & PortShield
• Diagnostics Support for Extended Switch
• Configure Extended Switch settings
• Manage Extended Switch Global Params
Getting Started with X-Series Switch Integration
Assumptions
• Up to 2 switches for provisioning
• Switches must be in Managed Mode
• VLANs support via dedicated links only
• Configuration of switches via firewall only
Scenarios: Single Switch, Multiple Switches, VLANs, High Availability
Initial X-Series switch / TZ firewall setup
• Ensure your X-Series switch is set to operate in Managed Mode
• Ensure X-Series switch’s IP is set to Static IP instead of Dynamic IP
• Set username/password
• No other configuration must be performed from the switch GUI. Doing so leaves the X-Series switch out of sync with the TZ firewall
• Ensure a TZ firewall interface is on the same subnet as the X-Series switch IP
  – For example, to manage an X-Series switch with a default IP 192.168.2.1, an interface of the firewall needs to be configured in the 192.168.2.0/24 subnet and connected to the X-Series switch.
• Test for connectivity from TZ firewall to X-Series switch
  – Ping X-Series switch from TZ firewall before provisioning/managing the switch.
Key Terminologies
• Common Uplink Configuration
• Dedicated Uplink(s) Configuration
• Hybrid Configuration with Common and Dedicated Uplink(s)
• Isolated Links for Management and Data Traffic
• Support for HA with Dedicated Uplink(s)
• Support for VLAN(s) with Dedicated Uplink(s)
Topology – Common Uplink
X1026P Interfaces:
2 – Switch Uplink + MGMT, 192.168.2.1/24
5 – PortShield to X0
9 – PortShield to X4
Firewall Interfaces:
X0 – LAN, 192.168.168.168/24
X3 – LAN, 192.168.2.2/24, Firewall Uplink + MGMT to X1026P
X4 – DMZ, 172.168.168.168/24
Topology – Hybrid Configuration Common and Dedicated Uplink(s)
Firewall Interfaces:
X0 – LAN, 192.168.168.168/24
X3 – LAN, 192.168.2.2/24, Firewall Uplink to X1026P
X4 – WLAN, L2B to X0, Dedicated Uplink
X1026P Interfaces:
2 – Switch Uplink + MGMT, 192.168.2.1/24
5 – PortShield to X0
7 – PortShield to X4, Dedicated Uplink
9 – PortShield to X4
Topology – Isolated links for Management & Data Traffic
Firewall Interfaces:
X0 – LAN, 192.168.168.168/24
X2 – LAN, 192.168.2.2/24
X3 – Firewall Uplink to X1026P
X4 – DMZ, 172.168.168.168/24
X1026P Interfaces:
1 – Switch MGMT, 192.168.2.1/24
2 – Switch Uplink
5 – PortShield to X0
9 – PortShield to X4
Topology – Multiple X-Series switches
X1026P Interfaces:
1 – Switch MGMT, 192.168.2.1/24
2 – Switch Uplink
5 – PortShield to X0
Firewall Interfaces:
X0 – LAN, 192.168.168.168/24
X2 – LAN, 192.168.2.2/24
X3 – Firewall Uplink to X1026P
X6 – LAN, 172.168.2.2/24, Firewall Uplink to X1008P
X1008P Interfaces:
6 – Switch MGMT + Switch Uplink, 172.168.2.1/24
7 – PortShield to X0
Topology – High Availability
DELL X1018 – 10.205.3.18
X1 – 10.205.3.33
Topology – VLAN(s) support with Dedicated Uplink(s)
• Port 3 is portshielded to X5 with dedicated uplink option
• Port 10 is portshielded to X5 and configured as a trunk to carry VLAN 100
• Port 11 is portshielded to X5 and configured as a trunk to carry VLAN 150
• Port 12 is portshielded to X5 and configured as an access to carry VLAN 200
Use Case – Extending Ports
X-Series switch default
User Name: admin
Password: admin
IP Address: 192.168.2.1
X4 & Port 6 are on the same subnet 192.168.2.0
From Port Configuration or Port Graphics:
• Portshield for Port 3 to X3
• Portshield for Port 5 to X5
Use Case – Extending Ports
Setting up Portshields
Portshielding example: X5 <-> Port 5 setup
Note: Multiple switch ports can be selected and configured with the same information
Use Case – Adding Multiple Switches
Two Switches
• Switch ID 2 IP on same subnet as X4
• Switch port 8 set up as Uplink
Use Case – Configuring VLANs
VLANs
• Support for VLANs only using Dedicated Uplinks
• X5 is dedicated Uplink for Port 3 on switch
• VLANs 100, 150, 200 must be available on X5
VLAN Restrictions
• Support for VLANs is not available on common uplinks.
  – For example, VLANs cannot be configured under the firewall interface, which is provisioned as the common uplink for the X-Series switch.
• Support for VLANs is only available on dedicated uplinks.
• No overlapping VLANs allowed on TZ firewall interfaces configured as dedicated uplinks
  – For example, if X3 and X5 are configured for dedicated uplinks, VLAN 100 will be disallowed to exist under both X3 and X5.
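The assumptions, initial-setup checks and VLAN restrictions from the slides above can be checked against a planned deployment before anything is provisioned. This is an added example, not SonicWALL or Dell code: the plan dictionary layout, `validate_plan` and both sample plans are constructed for illustration, using interface names and addresses that appear in the slides.

```python
import ipaddress

DEFAULT_LOGIN = ("admin", "admin")  # X-Series factory default quoted in the slides

def validate_plan(plan):
    """Check a planned TZ + X-Series layout (hypothetical dict format); return findings."""
    findings = []
    fw = plan["firewall_interfaces"]
    if len(plan["switches"]) > 2:
        findings.append("more than 2 switches planned for provisioning")
    for sw in plan["switches"]:
        name, via = sw["name"], sw["mgmt_via"]
        if sw["mode"] != "managed":
            findings.append(f"{name}: not in Managed Mode")
        if not sw["static_ip"]:
            findings.append(f"{name}: IP is dynamic, must be static")
        if (sw["username"], sw["password"]) == DEFAULT_LOGIN:
            findings.append(f"{name}: default admin/admin login not changed")
        subnet = ipaddress.ip_interface(sw["mgmt_ip"]).network
        fw_ip = fw.get(via, {}).get("ip")
        if fw_ip is None or ipaddress.ip_interface(fw_ip).network != subnet:
            findings.append(f"{name}: firewall {via} is not in {subnet}")
    owner = {}  # VLAN id -> dedicated-uplink interface that already carries it
    for ifname in sorted(fw):
        for vlan in fw[ifname].get("vlans", []):
            kind = fw[ifname].get("uplink")
            if kind == "common":
                findings.append(f"{ifname}: VLAN {vlan} on a common uplink")
            elif kind == "dedicated" and vlan in owner:
                findings.append(f"VLAN {vlan} on both {owner[vlan]} and {ifname}")
            elif kind == "dedicated":
                owner[vlan] = ifname
    return findings

# Constructed sample plans; addresses and interface names follow the slides.
SWITCH = {"name": "X1026P", "mode": "managed", "static_ip": True,
          "username": "admin", "password": "admin",
          "mgmt_ip": "192.168.2.1/24", "mgmt_via": "X4"}
BAD_PLAN = {"switches": [SWITCH], "firewall_interfaces": {
    "X3": {"uplink": "dedicated", "vlans": [100]},
    "X4": {"ip": "192.168.3.2/24", "uplink": "common", "vlans": [50]},
    "X5": {"uplink": "dedicated", "vlans": [100, 150, 200]}}}
GOOD_PLAN = {"switches": [dict(SWITCH, password="constructed-non-default")],
             "firewall_interfaces": {
    "X4": {"ip": "192.168.2.2/24", "uplink": "common"},
    "X5": {"uplink": "dedicated", "vlans": [100, 150, 200]}}}

if __name__ == "__main__":
    for finding in validate_plan(BAD_PLAN):
        print("FINDING:", finding)
```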
Use Case – Setting up Wireless Access
Setup wireless using dedicated uplink
Use Case – Setting up Wireless Access
Portshield wireless traffic to X4 VLANs
Select VLANs
Note: SonicPoints require PoE+ ports to power them; X1026P, X1052P are the only switches with PoE+ ports
Demo Setup
• Common Uplink
• SonicPoint
• VLANs
• Multiple Switches
• GMS
[Topology diagram: hosts H1 to H4, GMS, firewall interfaces X0, X1, X3, X4, X5, X6, DELL X1008, DELL X1026P]
Distributed Network Demo – Set Up
Host Configurations
1. H1 – 192.168.168.50 Connected to X0, 10.205.3.3 (RDP)
2. H2 – 100.1.1.229 Connected to Port 5 of Switch, Portshield to X3, Access VLAN 100, 10.205.3.229 (RDP)
3. H3 – Wireless PC Connected to SonicPoint, 10.205.3.226 (RDP)
4. H4 – 100.1.1.229 Connected to Port 5 of Switch, Portshield to X3, Access VLAN 100, 10.205.3.229 (RDP)
5. GMS – 10.202.53.183
Firewall Interfaces
1. X0 – 192.168.168.168/24 Connected to H1
2. X1 – WAN – 10.205.3.40/24
3. X3 – Firewall Uplink + Management Link to X1026P Switch – 192.168.2.2/24
4. X3:V100 – 100.1.1.40/24
5. X4 – WLAN – L2B to X0
6. X4:V50 – 50.1.1.1/24 – GuestWiFi
7. X4:V60 – 60.1.1.1/24 – CorpWiFi
8. X5 – Management Link to X1008 – 192.168.3.2/24
9. X6 – Firewall Uplink to X1008 – Unassigned
X1026P Switch Interfaces
1. Port 2 – Switch Uplink + Management Link to firewall, Connected to X3
2. Port 3 – Connected to X4, PS to X4 (Dedicated Link)
3. Port 4 – SonicPoint ACi, PS to X4, Trunk
4. Port 5 – Connected to H2, PS to X3, Access VLAN 100
X1008 Switch Interfaces
1. Port 1 – Switch management Connected to X5
2. Port 2 – Uplink to firewall Connected to X6
3. Port 3 – Connected to H4, PS to X0
Logging/Syslog, Diagnostics Support
• Syslog support available for the following critical events
  – Add/Delete of switch
  – Network events like Port Up/Down
• Diagnostics Support
  – Statistics of Extended Switch Ports
  – Upgrade of firmware image, boot image on the Extended Switch
  – Reload of the Extended Switch
Extended Switch Statistics
Extended Switch Restart
Firmware Management
Looking into the TSR
• Extended Switch information
• Extended Switch Statistics
Resources
Online Resources: eBook, Tech Brief, FAQ, Updated Datasheet
Updated Retail Page
People you need to know
Product Management: Sathya Thammanur, Scott Grebe
Resources
Knowledge Base Articles, Deployment Guide, Tech Brief