Configuring a Dedicated Uplink

This configuration allows a given link between the firewall and the Switch to be designated as the dedicated uplink set up to carry PortShield traffic corresponding to the connected firewall interface. The firewall and Switch ports are configured in trunk mode for the VLAN corresponding to the PortShield VLAN of the firewall interface.

This configuration can be used in deployments where a dedicated 1G link is needed for a particular firewall interface. Cases where this configuration is necessary:

• VLANs are used; for example, another Switch behind the Switch.
• There is a large volume of traffic and there needs to be a separate uplink for this traffic.

The risk associated with such a configuration is using up interfaces on the firewall fairly soon.

In this example, there is no common uplink to carry the PortShield traffic for the rest of the firewall interfaces (excluding X0 and X5 for which dedicated links are set up).

For dedicated uplinks to work, the physical link must be connected before being configured.

The diagram, Dedicated Uplink Topology, shows a dedicated uplink setup of a firewall with a Switch. There are two dedicated uplinks in this scenario:

• The uplink between X3 on the firewall and port 1 on the SonicWall Switch is used to manage the Switch. In this configuration, X3 is configured in the same subnet as the IP of the Switch.

• In addition, there are two dedicated uplinks:

  • The uplink between X0 on the firewall and port 11 on the Switch is a dedicated link to carry all PortShield traffic for X0.
  • The uplink between X5 on the firewall and port 7 on the Switch is a dedicated link to carry all PortShield traffic for X5.

You can configure a dedicated uplink with or without setting up the common uplink to carry all PortShield traffic for the different firewall interfaces. In both cases, the common uplink is used to manage the Switch.

To configure a dedicated uplink topology without an common uplink

1. Set up the Switch as described in Adding a Switch to a Firewall Manually.
2. To set up a link as a dedicated uplink without management traffic, in the Add Switch dialog box set Firewall Uplink and Switch Uplink to None.
3. In the DEVICE | Switch Network > Overview > Physical View or List View, enable the Switch port for the dedicated link.

4. Once the Switch port is enabled, go to Switch Port Settings as described in Setting Up Ports. Set portshields to support dedicated uplinks. In this example, port 7 is portshielded to X5.