Dell sonicwall x series Deployment Manual

Dell™ SonicWALL™ X-Series Solution

Deployment Guide

This product is protected by U.S. and international copyright and intellectual property laws. Dell™, the Dell logo, and SonicWALL are trademarks of Dell Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.

Legend

CAUTION: A CAUTION icon indicates potential damage to hardware or loss of data if instructions are not followed.

WARNING: A WARNING icon indicates a potential for property damage, personal injury, or death.

IMPORTANT NOTE, NOTE, TIP, MOBILE, or VIDEO: An information icon indicates supporting information.

X-Series Solution Deployment Guide Updated - May 2016 Version - 6.2.5 232-003255-00 Rev A

Contents

About the Dell SonicWALL X-Series Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

TZ/X-Series Solution: a unified approach . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

Performance requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Features provided by the Dell SonicWALL X-Series Solution . . . . . . . . . . . . . . . . . . 6

PortShield functionality and X-Series switches . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

PoE/PoE+ and SFP/SFP+ support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

X-Series Solution and SonicPoints . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

Recommended reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

Provisioning an X-Switch on a TZ series appliance . . . . . . . . . . . . . . . . . . . . . . . . . 9

Provisioning through the X-Series switch user interface . . . . . . . . . . . . . . . . . . . . . . . 9

Adding a default gateway through the X-Switch UI . . . . . . . . . . . . . . . . . . . . . . . .14

Provisioning through the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15

Provisioning without a default gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15

Provisioning with a default gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16

Adding the X-Series switch to SonicOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Adding an extended switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17

Deleting an extended switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19

Configuring the X-Series Solution in various topologies . . . . . . . . . . . . . . . . . . . . 20

About topologies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20

About links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21

Connecting the X-Series switch management port to a TZ firewall . . . . . . . . . . . . . . . .21

Configuring the different topologies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22

Configuring a common uplink . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22

Configuring a dedicated uplink . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25

Configuring a hybrid system with common and dedicated uplink(s) . . . . . . . . . . . . .31

Configuring isolated links for management and data uplinks . . . . . . . . . . . . . . . . .32

Configuring HA and PortShield with dedicated uplink(s) . . . . . . . . . . . . . . . . . . . .35

Configuring VLAN(s) with dedicated uplink(s) . . . . . . . . . . . . . . . . . . . . . . . . . . .37

Configuring a dedicated link for SonicPoint access . . . . . . . . . . . . . . . . . . . . . . . .42

About Dell . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

Contacting Dell . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .44

Technical support resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .44

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

Dell SonicWALL X-Series Solution Deployment Guide

Contents

About the Dell SonicWALL X-Series

Solution

• Overview on page 4

• TZ/X-Series Solution: a unified approach on page 4

• Performance requirements on page 5

• Features provided by the Dell SonicWALL X-Series Solution on page 6

• PortShield functionality and X-Series switches on page 7

• PoE/PoE+ and SFP/SFP+ support on page 7

• X-Series Solution and SonicPoints on page 8

• Recommended reading on page 8

Overview

To pi c s:

• TZ/X-Series Solution: a unified approach on page 4

• Performance requirements on page 5

• Features provided by the Dell SonicWALL X-Series Solution on page 6

• PoE/PoE+ and SFP/SFP+ support on page 7

• X-Series Solution and SonicPoints on page 8

• PortShield functionality and X-Series switches on page 7

• Recommended reading on page 8

TZ/X-Series Solution: a unified approach

Critical network elements, such as a firewall and switch, need to be managed, usually individually. The Dell™ SonicWALL™ X-Series Solution allows unified management of both the firewall and the switch using the firewall management interface (UI) and GMS. For example, the maximum number of interfaces available on the Dell SonicWALL TZ models range from 5 (TZ300) to 10 (TZ600). In certain deployments, the number of ports required might easily exceed the maximum number of interfaces available on the TZ appliance. With the TZ/X-Series Solution, ports on a Dell X-Series switch can be viewed as extended interfaces of the firewall, thereby increasing the number of interfaces available for use up to 96, depending on the X-Series switch. These extended ports can be portshielded or configured for high availability and treated as any other interface on the firewall.

Dell SonicWALL X-Series Solution Deployment Guide

About the Dell SonicWALL X-Series Solution

Beginning in SonicOS Release 6.2.5.1, the TZ series appliances shown in Ta b le 1 support the listed X-Series models. A TZ series appliance can provision up to two X-Series switches.

NOTE: For complete information about X-Series switches, see the Dell™ Networking™ X1000 and X4000 Series Switches User Guide and the Dell™ Networking™ X1000 and X4000 Series Switches Getting Started

Guide.

Table 1. X-Series switches supported by TZ series appliances

These TZ Series appliances

• TZ600

• TZ500/TZ500W

• TZ400/TZ400W

• TZ300/TZ300W

Support these X-Series switches

• X1008/X1008P

• X1018/X1018P

• X1026/X1026P

• X1052/X1052P

• X4012

NOTE: The X-Series Solution is not supported on the SOHO W appliance.

Terminology

HA High Availability

IDV Interface Disambiguation via VLAN – The reconfiguring of ports, portshielded to firewall interfaces,

on the extended switch as access ports of the VLAN corresponding to the PortShield VLAN.

PoE Power over Ethernet – A system than passes electrical power along with data on Ethernet cabling,

which allows a single cable to provide both data connection and electrical power to devices. PoE is the 802.3af IEEE standard with 15.4W per port.

PoE+ Power over Ethernet Plus – An enhanced version of PoE that provides more power than PoE. PoE+ is

the 802.3at IEEE standard with 25.5W per port.

SFP Small form-factor pluggable – A compact, hot-pluggable transceiver used for both telecommunication

and data communications applications and supports 1Gb fiber modules.

SFP+ Enhanced small form-factor pluggable – An enhanced version of SFP that supports 10 Gb fiber

modules.

STP Spanning Tree Protocol – A network protocol that ensures a loop-free topology for Ethernet networks

and allows redundant (spare) links to provide backup paths if an active link fails.

Performance requirements

A TZ series firewall can be provisioned for a maximum of two X-series switches. If two switches are provisioned, they must be connected directly to the firewall, they cannot be cascaded, that is, one switch connected to the other switch, which is then connected to the firewall.

On TZ300/TZ400/TZ500 models, the maximum uplink bandwidth of 1G is shared by all front panel ports.

On TZ600, the maximum uplink bandwidth of 1G on:

• Internal switch 0 is shared by X0, X2, X3, X4, X5,and X7.

• Internal switch 1 is shared by X1, X6, X8, and X9.

Dell SonicWALL X-Series Solution Deployment Guide

About the Dell SonicWALL X-Series Solution

Features provided by the Dell SonicWALL X-Series Solution

Key features supported by the Dell SonicWALL X-Series Solution are:

• Provisioning of an X-Series switch as an extended switch – Up to two X-Series switches can be provisioned

as an extended switch on a TZ series firewall. When provisioned, the ports on the X-Series switch are managed as are the other ports of the firewall.

• PortShield functionality – Ports on the X-Switch are viewed as “extended” interfaces of the firewall and

can join PortShield Groups. For further information, see PortShield functionality and X-Series switches on page 7.

• Configuring the extended switch Interface settings – The switch interface settings are configured as

regular interface settings through the SonicOS GUI.

• Managing of the basic extended switch global parameters using GMS – These global parameters are

available on the extended switch:

•STP Mode – By default, STP mode is set to Rapid on the extended switch.

•STP State – By default, STP is Enabled globally on the extended switch.

NOTE: The following PoE parameters are available only on PoE-capable extended switches.

• PoE Alert Usage Threshold – By default, the threshold is set to 95% on the extended switch.

•PoE Traps – By default, traps are disabled globally on the extended switch.

• PoE Power Limit Mode – By default, the mode is set to Port limit (default)

• Managing of the extended switch using GMS – The Dell X-Series switch integration feature allows unified

management of both the firewall and the switch using the SonicOS management interface and Dell SonicWALL GMS version 8.1 SP1 or higher. GMS supports all configuration operations, such as provisioning of an extended switch, configuration of extended switch interface settings, and manageability of extended switch global parameters.

For information about managing extended switches with GMS, refer to the latest SonicWALL GMS

Administration Guide.

• High Availability (HA) with PortShield functionality – Extended switches can be added to firewalls in an

HA configuration with PortShield functionality.

• Diagnostics support for the extended switch – Diagnostic support features are:

• Retrieving statistics of extended switch ports

• Clearing statistics of extended switch ports

• Upgrading of the firmware image, boot image on the extended switch

• Restarting the extended switch

• Support for VLANs in a dedicated uplink configuration – VLAN is supported on extended switches with

these caveats:

• Support for VLANs is not available on common and isolated uplinks. For example, VLANs cannot be

configured under the firewall interface, which is provisioned as the common uplink for the X-Series switch.

• Overlapping VLANs cannot exist under appliance interfaces configured as dedicated uplinks. For

example, if X3 and X5 are configured for dedicated uplinks, VLAN 100 cannot be present under both X3 and X5. Such a configuration is rejected.

• PoE/PoE+ and SFP/SFP+ functionality for TZ series firewalls – Certain Dell X-Switches provide PoE/PoE+

functionality to TZ series firewalls. For Dell X-Switches that provide PoE/PoE+ functionality, see

PoE/PoE+ and SFP/SFP+ support on page 7.

Dell SonicWALL X-Series Solution Deployment Guide

About the Dell SonicWALL X-Series Solution

PortShield functionality and X-Series switches

PortShield architecture allows configuration of firewall ports into separate security zones, thereby allowing protection of a deep-packet inspection firewall for traffic between devices across zones. For more information about PortShield functionality and how to manage PortShield Groups with X-Series switches, see the SonicOS 6.2

Administration Guide.

The Dell TZ-X-Series solution allows support for portshielding interfaces on the extended switch to firewall interfaces. X-Series switches are L2 switches, and by default, all ports on the extended switch are configured as access ports part of the default VLAN 1. When ports of the extended switch are portshielded to firewall interfaces, the ports are reconfigured as access ports part of the VLAN corresponding to the PortShield VLAN, also known as the IDV VLAN of the PortShield host interface.

PoE/PoE+ and SFP/SFP+ support

TZ series appliances do not support PoE/PoE+, but this functionality can be added with certain X-Series switches, as shown in Tab l e 2 . This additional functionality enhances SonicPoint usage by the TZ series appliances, especially for new SonicPoints supporting 802.11ac (802.11ac supports up to 30W maximum power;

802.11a/b/g/h supports up to 15.4 W maximum power).

Some X-Series switches also support SFP/SFP+, as shown in Tab le 2 .

Table 2. X-Series switch PoE/PoE+ and SFP/SFP+ support

This X-Series switch Supports

X1008 1 PoE PD port; by default, port 8 is the PD port

X1008P 8 PoE ports, up to 123W total; by default, ports 1 through 8 support PoE

X1018 2 1GbE SFP ports; by default, ports 17 and 18 support SFP

X1018P 16 PoE ports, up to 246W total; by default, ports 1 through 16 support PoE

2 1GbE SFP ports; by default, ports 17 and 18 support SFP

X1026 2 1GbE SFP ports; by default, ports 25 and 26 support SFP

X1026P 24 PoE/12 PoE+ ports, up to 369W total; by default:

• Ports 1 through 12 support PoE+

• Ports 13 through 24 support PoE

2 1GbE SFP ports; by default, ports 25 and 26 support SFP

X1052 4 10GbE SFP+ ports; by default, ports 49 through 52 support SFP+

X1052P 24 PoE/12 PoE+ ports, up to 369W total; by default:

• Ports 1 through 12 support PoE+

• Ports 13 through 24 support PoE

• Ports 25 through 48 support neither PoE nor PoE+

4 10GbE SFP+ ports; by default, ports 49 through 52 support SFP+

X4012 12 10GbE SFP+ ports; by default, ports 1 through 12 support SFP+

IMPORTANT: A SonicPoint AC without an external power source must be portshielded through ports 1

through 12 on an X1026P or X1052P X-Series switch.

Any non-SonicPoint AC model without an external power source can be portshielded through ports 1 through 8 (X1008P), 1 through 16 (X1018P), or 1 through 24 (X1026P and X1052P).

Any SonicPoint with an external power source (AC power supply or power adapter) can be portshielded to any Ethernet port.

Configuration of the PoE/PoE+ ports on the X-Series switch is managed from the UI of the X-Series switch and not the Network > Portshield Groups page on the TZ series appliance.

Dell SonicWALL X-Series Solution Deployment Guide

About the Dell SonicWALL X-Series Solution

X-Series Solution and SonicPoints

Ports on an extended switch can be portshielded to the WLAN zone of a TZ series appliance, and SonicPoint access points can be connected to these ports.When connecting SonicPoint access points to a Dell X-Series switch, it is important to consider the SonicPoint's power requirements. A SonicPoint ACe/ACi/N2 access point requires a minimum of 25.5 watts. If your Dell X-Series switch model does not support PoE+, you must use a SonicPoint power injector. For which switches support PoE+, see PoE/PoE+ and SFP/SFP+ support on page 7. For more information about managing SonicPoint access points, see the Knowledge Base article, Dell SonicWALL TZ

Series and Dell SonicWALL X-Series solution managing SonicPoint ACe/ACi/N2 access points (SW13970).

Provisioning through the X-Series switch user interface

Further information about provisioning switches can be found in:

• Dell SonicWALL TZ - X solution: How to provision X-Series switches on SonicWALL TZ series firewalls

(185057)

• Dell SonicWALL X-Series Solution: How to provision Dell X-Series Switches on a SonicWALL TZ High

Availability (HA) system (186085)

• Dell SonicWALL X- Series Solution - How to manage Dell X-Series switch's admin credentials and

management IP through the Dell X-Switch's UI and in CLI (185479)

For information about adding a default gateway through the switch’s UI, see Adding a default gateway through

the X-Switch UI on page 14.

To provision the X-Series switch on a TZ series appliance through the X-Series switch user interface:

1 Ensure the TZ series appliance is running SonicOS 6.2.5.1 or higher.

If necessary, upgrade the appliance’s firmware.

2 On the X-Series switch, locate the white label containing the default IP address, Network Mask, user ID,

and password.

Record this information as you will need it when configuring the switch on the firewall.

Dell SonicWALL X-Series Solution Deployment Guide

Provisioning an X-Switch on a TZ series appliance

3 Ensure the switch is in Managed Mode.

NOTE: If the X-switch is not in Managed Mode, then it cannot be managed with SonicOS on the TZ

firewall. If the X-switch is in Managed Mode, the MGMT LED is on; in Unmanaged Mode, the MGMT LED is off.

TIP: X1052/X1052P switches are delivered from the factory in Managed Mode. All other switches

are delivered from the factory in Unmanaged Mode to avoid unauthorized access to the switch. For further details, see the Dell™ Networking™ X1000 and X4000 Series Switches User Guide.

If the switch is:

• In Managed Mode, go to Step 4.

• Not in Managed Mode, enable managed mode by inserting a paperclip into the Managed Mode

opening and pressing the Managed Mode button for 7 seconds. The Managed Mode button is a small button located on the:

• Right side of the rear panel on X1008/X1008 X-switches.

• Left side of the rear panel on all other X-switches.

Use a straightened paper clip to press the button.

After 7 seconds, the X-switch reboots to change to Managed mode.

4 Connect the X-switch console:

• By an RJ45 cable to a PC in the same subnet as the X-switch if configuring through the X-switch

GUI.

• Through Telnet (9600 baud) if configuring through the CLI.

5 Power on the X-Series switch.

6 In your PC browser, go to 192.168.2.1. The login screen for the X-switch displays.

Dell SonicWALL X-Series Solution Deployment Guide

Provisioning an X-Switch on a TZ series appliance

7 Log in to the X-Series switch user interface (UI).

NOTE: The username is admin and the password is admin.

The Initial Setup Welcome page displays.

8 If you have not recorded the switch’s information in Step 2, do so now.

9Click Next. The Network Settings page displays.

10 To ensure the X-Series switch’s IP does not change dynamically when the DHCP server is enabled on the

firewall, ensure Static IP is selected for IP Address Source instead of Dynamic IP (DHCP), which is the default.

NOTE: Selecting Static IP requires that you must specify a default gateway.

11 Verify the Static IP Properties information.

12 Configure the IP addresses of the switch in the appropriate fields; for example:

IP address 192.168.2.1/24

Subnet Mask 255.255.255.0

Gateway 192.168.2.2

Dell SonicWALL X-Series Solution Deployment Guide

Provisioning an X-Switch on a TZ series appliance

13 Click Next. The Credentials page displays.

14 Change the administration password by entering a new password in the Password and Re-enter

Password, fields.

15 Click Next. The Switch Information page displays.

16 Complete the Switch Information and SNMP Settings pages as described in the Dell™ Networking™ X1000

and X4000 Series Switches User Guide.

17 Click Next. The Simple Network Management Protocol (SNMP) Settings page displays.

18 Complete the SNMP Settings page as described in the Dell™ Networking™ X1000 and X4000 Series

Switches User Guide.

Dell SonicWALL X-Series Solution Deployment Guide

Provisioning an X-Switch on a TZ series appliance

19 Click Next. The Summary page displays.

20 Click Finish. The configuration is written in the Startup configuration of the X-switch.

21 Configure the interface as VLAN 1.

22 Ensure the firewall can reach the X-Series switch by pinging the X-Series switch from the firewall before

provisioning/managing the switch from the firewall.

Dell SonicWALL X-Series Solution Deployment Guide

Provisioning an X-Switch on a TZ series appliance

Adding a default gateway through the X-Switch UI

To add a default gateway to a switch through its UI:

1 In the UI, select Switch Management > IPv4 Addressing (or IPv6 Addressing).

The Edit IPv4 Addressings page displays.

Dell SonicWALL X-Series Solution Deployment Guide

Provisioning an X-Switch on a TZ series appliance

+ 31 hidden pages

Dell sonicwall x series Deployment Manual

Specifications and Main Features

Frequently Asked Questions

User Manual

Overview

TZ/X-Series Solution: a unified approach

About the Dell SonicWALL X-Series Solution

Performance requirements

Features provided by the Dell SonicWALL X-Series Solution

PortShield functionality and X-Series switches

PoE/PoE+ and SFP/SFP+ support

X-Series Solution and SonicPoints

Recommended reading

Provisioning through the X-Series switch user interface

Provisioning an X-Switch on a TZ series appliance

Adding a default gateway through the X-Switch UI