These are great. What we really need is a video on "what to buy." It is not easy to try and figure out what to buy, and the resellers themselves are not clear. I bought five SonicWall products, and unfortunately the licensing was not correct and I am trying to get that solved.
Sorry to hear that Thomas. Feel free to reach out to your local sonicwall team to have a discussion about your needs. If you don’t know who they are, ping me. I’ll put you in touch
@@JeanPierTalbot I know this was a year ago, however I worked Bus Dev for MSP's for a while, prior to being in Cyber Sec now, and always pushed SonicWall. Many of the MSP/MSSP's are just doing basic configs and putting them in play without using the machine/licensing correctly. They are not educated or trained on the SonicWall line, and with HA Failover being needed for certain networks among other features, the complexity of installing a successful SonicWall FW is really based on the relation they have or don't have with you guys at SonicWall. If more resellers used your offer to train their employees at the online SonicWall University, and even get the certifications you have available. I think that Managed Service companies and resellers would be avoiding issues like this. The university gives you a good understanding of the various products and the appropriate environments you would want to use them in, so less confusion on what to buy from SonicWall customers, and solid alignment all around.
Hey JPT, I was wondering if you could do a video on how to connect 2 Sonicwall switches that use the mgmt vlan? I think it has to do with Trunking one of the ports but I'm unclear
I am upgrading a current network with a new TZ670, 6 sonicwall PoE switches and 8 SonicWall 641 access points. For each VLAN you had a physical connection to the firewall from the switch. In my mind, I was thinking there should be one trunk for all the VLAN's to the switch. Can you help me understand the difference from how you did this and one trunk port to the firewall?
JP I have a question on the VLAN. I have my x4 setup for my AP and it works fine directly connected to it through a POE device. I have my switch setup with VLAN 2 on ports 2-3. The firewall x4 is connected to switch 2 and my AP is switch 3, the switch provides POE. When the AP comes up it never registers with an IP. If i used a non-managed switch it works fine. Is there a video on the TZ where I need to Assign a VLAN on the x-port of the firewall?
To clarify - at 49:49. So you are saying on ports 15-24, they are part of vlan 90 but traffic from 15-24 will not be tagged with vlan90. Laptop1 -> Desk phone -> swport 15 (vlan90, not tagged) -> T1 (swport 13,14 not tagged with vlan90) -> Router x6/x7 -> Internet or Laptop2 -> swport 16 (vlan90, not tagged) ->t1 (swport 13, 14 not tagged with vlan90) -> Router x6/x7 -> Internet However, staff connecting on the Wifi, which will come through ports 5-8, will always be tagged with vlan90. Scanner -> Wifi SSID "Warehouse" -> swport 5 (tagged with vlan90) -> T1 (swport 13,14 and tagged vlan90) -> Router x6/x7 -> Internet But a Wired connection for a desk phone would be: Phone -> swport 15 (vlan99, tagged) -> T1 (swport 13,14 and tagged with vlan99) -> Router x6/x7 -> Internet Was the phone manually configured to apply a tag of vlan99 in it's own system config? Why do devices like Laptop2, wired in to ports 15-24, not need to be tagged to get through? How does the device know it is vlan90, or the switch know that, if the traffic is never being tagged with that vlan id?
If you configure a port on your switch to be on vlan 90 for untag traffic and other vlan as tagged, the switch know that any traffic coming in untag belongs to vlan 90.
So, with multiple VLANs configured for diffrent WANs & LANs, if one of the LAN VLANs (the default subnet) is where I need to be able to manage the switch from (just for argument sake & we don't have a specific MGMT VLAN), would you set the management VLAN as that LAN VLAN that is already setup?
Further troubleshooting, If I go x4 from firewall to un-tag port 14 of my L2 switch and then untagged port 15 to the AP the LAN light stays amber. Yet if I take port 15 and run it through a POE injector the LAN light goes green. Do you think I need possibly a crossover cable from my switch port which has POE to the AP?
Hi JP, thanks for all your video's, they are very helpful! I have a question regarding switch configuration. Here's the situation, we have an HA Pair of 670's with a 24 port switch between them. This was first implemented as a single 670 and no switch to get things going quickly in a new location, the second 670 and switch were added a month later and put into HA mode. Due to a short implementation window, the vlan's etc were preconfigured manually on the switch ahead of time. We would like to have the switch managed by the firewall, but the instructions say it need to be in factory default mode. Is there any way to get the firewall to read the current switch config rather than starting from scratch? Any help appreciated.
Hi James, unfortunately you will need another maintenance window. I would personally advice to use the cloud to manage the switch. If you need to upgrade to a bigger firewall or a gen8 sonicwall in years from now, you won’t need to worry about the switch if it is manage by the cloud. And cloud will erase your config. Hopefully it’s only a few vlan to set.
Great video, it was very informative! I was able to get my SonicWall switch configured and working. However, I am trying to configure my uplinks to be in a LAG. The uplinks connect to 2 Dell S5248F switches. I would like them to be redundant in a LAG, but cannot seem to get the correct LACP System Priority and System Policy values. Are you able to share what you have used for Dell switches in the past, or how I can determine what they are set at on my Dell switches? Thanks in advance!
Your video's saved me from leaping out a basement window. Thank you!!! Question, is there any way to get a secure connection when managing the firewall by IP address? If I manage it with the FQDN I get the https with the lock but, if I use the public Ip I get the https with the lines through it indicating that it is an unsecured connection.
If you have just 1 SonicWave unit to deploy, and you are able to connect directly to the SonicWall router (say port x5), and it carries a Staff and Guest signal, do you need to use vlan tagging at all since it is not passing through a Switch ?
Eventually yes. Personally I prefer management with the cloud. - allows to manage switches in multiple location in the same UI. - you can change your firewall without having to worry about the switches But yes, I’ll add it to the list
So... what if you have these 3 VLans, and they are all staff / corporate computers. You have separated them to different switches using a VLAN. But you as the Admin need to be able to connect to any one of them remotely through the LAN. I'm only 30 mins into the video , maybe you cover this later, but if not - how do you let an Admin talk to any machine they need to connect to when they are on different vlans for remote support ?
You can create access rules in the firewall to say that you can connect to all machines. Be careful as if you go ahead and create a policy allowing you access to everything on all ports and protocol. If you get a ramsomware, it will have all the access in the world to take everything and everyone down. So be super specific in what you allow. Maybe force yourself to manually authenticate to the firewall to gain access when needed. Hope that helps!
I have a question to you. If i want to change the ip block of lan into a live network what precautions should we take before the execution? Is it possible to change the lan interface from X0 to X3.
Hi Arman, Yes you can set x3. But be careful as many people do their config using the address object “X0 subnet” which of course won’t work anymore if you switch to X3. So I would simply change the interface IP on X0 instead. Then go into “address object” and search for your old subnet and change stuff if needed.
Hey JP. Merci beaucoup for your videos, they are super well done and always very insightful. It might seem like I'm reaching, but please, could you consider making a video about LACP on switches for 1 specific purpose? In this case, something that happens quite often with customers who buy a pair of sonicwall firewalls I'm HA setup, and they only have 1 LAN and 1 WAN cable available. Basically I'm asking if you make a video to show on detail the config of LACP and LAG groups to make sure that the LAN cable is "split" into 2 cables, each of them going to the HA pair X0 and same thing for the WAN, meaning from the switch 2 cables come out and go into the X1 of both firewalls. It would be extremely helpful, thanks in advance.
I’ll check Monday (it’s Sunday morning and I’m enjoying my coffee watching tv). But I’m pretty confident you cannot buy the switch without the cloud management. So I’m very confident you don’t need a separate licence to manage your sonicwall switch in the cloud. :-)
These are great. What we really need is a video on "what to buy." It is not easy to try and figure out what to buy, and the resellers themselves are not clear. I bought five SonicWall products, and unfortunately the licensing was not correct and I am trying to get that solved.
Sorry to hear that Thomas.
Feel free to reach out to your local sonicwall team to have a discussion about your needs. If you don’t know who they are, ping me. I’ll put you in touch
@@JeanPierTalbot I know this was a year ago, however I worked Bus Dev for MSP's for a while, prior to being in Cyber Sec now, and always pushed SonicWall. Many of the MSP/MSSP's are just doing basic configs and putting them in play without using the machine/licensing correctly. They are not educated or trained on the SonicWall line, and with HA Failover being needed for certain networks among other features, the complexity of installing a successful SonicWall FW is really based on the relation they have or don't have with you guys at SonicWall. If more resellers used your offer to train their employees at the online SonicWall University, and even get the certifications you have available. I think that Managed Service companies and resellers would be avoiding issues like this. The university gives you a good understanding of the various products and the appropriate environments you would want to use them in, so less confusion on what to buy from SonicWall customers, and solid alignment all around.
Hey JPT, I was wondering if you could do a video on how to connect 2 Sonicwall switches that use the mgmt vlan? I think it has to do with Trunking one of the ports but I'm unclear
I am upgrading a current network with a new TZ670, 6 sonicwall PoE switches and 8 SonicWall 641 access points. For each VLAN you had a physical connection to the firewall from the switch. In my mind, I was thinking there should be one trunk for all the VLAN's to the switch. Can you help me understand the difference from how you did this and one trunk port to the firewall?
JP I have a question on the VLAN. I have my x4 setup for my AP and it works fine directly connected to it through a POE device. I have my switch setup with VLAN 2 on ports 2-3. The firewall x4 is connected to switch 2 and my AP is switch 3, the switch provides POE. When the AP comes up it never registers with an IP. If i used a non-managed switch it works fine. Is there a video on the TZ where I need to Assign a VLAN on the x-port of the firewall?
To clarify - at 49:49. So you are saying on ports 15-24, they are part of vlan 90 but traffic from 15-24 will not be tagged with vlan90.
Laptop1 -> Desk phone -> swport 15 (vlan90, not tagged) -> T1 (swport 13,14 not tagged with vlan90) -> Router x6/x7 -> Internet
or Laptop2 -> swport 16 (vlan90, not tagged) ->t1 (swport 13, 14 not tagged with vlan90) -> Router x6/x7 -> Internet
However, staff connecting on the Wifi, which will come through ports 5-8, will always be tagged with vlan90.
Scanner -> Wifi SSID "Warehouse" -> swport 5 (tagged with vlan90) -> T1 (swport 13,14 and tagged vlan90) -> Router x6/x7 -> Internet
But a Wired connection for a desk phone would be:
Phone -> swport 15 (vlan99, tagged) -> T1 (swport 13,14 and tagged with vlan99) -> Router x6/x7 -> Internet
Was the phone manually configured to apply a tag of vlan99 in it's own system config?
Why do devices like Laptop2, wired in to ports 15-24, not need to be tagged to get through? How does the device know it is vlan90, or the switch know that, if the traffic is never being tagged with that vlan id?
If you configure a port on your switch to be on vlan 90 for untag traffic and other vlan as tagged, the switch know that any traffic coming in untag belongs to vlan 90.
So, with multiple VLANs configured for diffrent WANs & LANs, if one of the LAN VLANs (the default subnet) is where I need to be able to manage the switch from (just for argument sake & we don't have a specific MGMT VLAN), would you set the management VLAN as that LAN VLAN that is already setup?
Further troubleshooting, If I go x4 from firewall to un-tag port 14 of my L2 switch and then untagged port 15 to the AP the LAN light stays amber. Yet if I take port 15 and run it through a POE injector the LAN light goes green. Do you think I need possibly a crossover cable from my switch port which has POE to the AP?
Love these videos as I'm getting ready to upgrade our network. BTW you might want to block out your phone number on the screen.
It’s there on purpose.
At the end I’m part of a sales team. :-)
Honestly very few called. 99% of people email me
@@JeanPierTalbot cool! I may be emailing you if I run into problems but your video is very thorough.
Hi JP, thanks for all your video's, they are very helpful! I have a question regarding switch configuration. Here's the situation, we have an HA Pair of 670's with a 24 port switch between them. This was first implemented as a single 670 and no switch to get things going quickly in a new location, the second 670 and switch were added a month later and put into HA mode. Due to a short implementation window, the vlan's etc were preconfigured manually on the switch ahead of time. We would like to have the switch managed by the firewall, but the instructions say it need to be in factory default mode. Is there any way to get the firewall to read the current switch config rather than starting from scratch? Any help appreciated.
Hi James, unfortunately you will need another maintenance window. I would personally advice to use the cloud to manage the switch. If you need to upgrade to a bigger firewall or a gen8 sonicwall in years from now, you won’t need to worry about the switch if it is manage by the cloud.
And cloud will erase your config. Hopefully it’s only a few vlan to set.
Great video, it was very informative! I was able to get my SonicWall switch configured and working. However, I am trying to configure my uplinks to be in a LAG. The uplinks connect to 2 Dell S5248F switches. I would like them to be redundant in a LAG, but cannot seem to get the correct LACP System Priority and System Policy values. Are you able to share what you have used for Dell switches in the past, or how I can determine what they are set at on my Dell switches? Thanks in advance!
Hi.
Unfortunately I don’t recall what I have set.
You can definitely reach out to sonicwall tech support. (Call)
They will be able to help
Your video's saved me from leaping out a basement window. Thank you!!!
Question, is there any way to get a secure connection when managing the firewall by IP address? If I manage it with the FQDN I get the https with the lock but, if I use the public Ip I get the https with the lines through it indicating that it is an unsecured connection.
It’s not insecure, the reason why your web browser complain it’s because it’s a self sign certificate.
If you have just 1 SonicWave unit to deploy, and you are able to connect directly to the SonicWall router (say port x5), and it carries a Staff and Guest signal, do you need to use vlan tagging at all since it is not passing through a Switch ?
Yes you need vlans. Otherwise both staff and guess will be on the same network, witch defeat the purpose of having 2 SSIDs…
5:40 Who's a good doggo?!
Can you make a video showing how to configure and manage the switch through the firewall
Eventually yes.
Personally I prefer management with the cloud.
- allows to manage switches in multiple location in the same UI.
- you can change your firewall without having to worry about the switches
But yes, I’ll add it to the list
Thanks
So... what if you have these 3 VLans, and they are all staff / corporate computers. You have separated them to different switches using a VLAN. But you as the Admin need to be able to connect to any one of them remotely through the LAN. I'm only 30 mins into the video , maybe you cover this later, but if not - how do you let an Admin talk to any machine they need to connect to when they are on different vlans for remote support ?
You can create access rules in the firewall to say that you can connect to all machines. Be careful as if you go ahead and create a policy allowing you access to everything on all ports and protocol. If you get a ramsomware, it will have all the access in the world to take everything and everyone down. So be super specific in what you allow. Maybe force yourself to manually authenticate to the firewall to gain access when needed.
Hope that helps!
I have a question to you. If i want to change the ip block of lan into a live network what precautions should we take before the execution? Is it possible to change the lan interface from X0 to X3.
Hi Arman,
Yes you can set x3. But be careful as many people do their config using the address object “X0 subnet” which of course won’t work anymore if you switch to X3.
So I would simply change the interface IP on X0 instead.
Then go into “address object” and search for your old subnet and change stuff if needed.
@@JeanPierTalbot Thank you brother for your information. you are awesome.
Hey JP. Merci beaucoup for your videos, they are super well done and always very insightful. It might seem like I'm reaching, but please, could you consider making a video about LACP on switches for 1 specific purpose? In this case, something that happens quite often with customers who buy a pair of sonicwall firewalls I'm HA setup, and they only have 1 LAN and 1 WAN cable available. Basically I'm asking if you make a video to show on detail the config of LACP and LAG groups to make sure that the LAN cable is "split" into 2 cables, each of them going to the HA pair X0 and same thing for the WAN, meaning from the switch 2 cables come out and go into the X1 of both firewalls. It would be extremely helpful, thanks in advance.
Merci for the feedback!
Have you looked at my high availability video?
I cover LAG and my favorite for that specific use case: port redondancy
Do i need to buy a separate license to add my Sonicwall switches to the cloud
I’ll check Monday (it’s Sunday morning and I’m enjoying my coffee watching tv). But I’m pretty confident you cannot buy the switch without the cloud management. So I’m very confident you don’t need a separate licence to manage your sonicwall switch in the cloud. :-)
Great video. How can 1 get a sonicwall tshirt you have on?
it showed up on my doorstep...
@@JeanPierTalbot very nice. Great channel. Btw
Pls make in hindi language
I wish I could speak it. But unfortunately I only speak French and English.