Configuration for SonicWall TZ Series
Overview
The Accelerated 6300-CX Cellular Extender provides a reliable, high-speed cellular connection that is compatible with existing wireline infrastructure. While its 4G LTE speeds are capable of operating as a primary WAN uplink, the 6300-CX can also be configured as a backup. This network redundancy solution delivers the ultimate flexibility to minimize expenses when it comes time for upgrading equipment to the latest wireless standards.
Business continuity depends on the seamless integration of failover-connectivity solutions to prevent service interruptions. Now more than ever, contingency networks play a strategic role in sustaining business operations. Unplanned outages can cost companies significant time and money, frustrating employees and clients alike, which creates a negative perception that is difficult to overcome.
Cellular data (4G LTE) bypasses wireline Internet service providers (ISPs) to facilitate the best redundancy possible. Additionally, in some situations it may be a challenge to acquire access to wired circuits or an event may call for temporary online access. For these reasons SonicWall and Accelerated Concepts have teamed up to offer comprehensive security and flexibility for small businesses, retail, government, remote sites, and branch offices.
SonicWall’s TZ Series of firewalls consolidates enterprise security measures into a single Unified Threat Management (UTM) device. It optimizes and fortifies networked environments thanks to a robust suite of administrative utilities ranging from content filtering to malware and intrusion prevention though this functionality hinges upon an active WAN connection. A TZ-Series UTM Firewall paired with the Accelerated 6300-CX Cellular Extender will ensure your enterprise network remains secure and operational should its primary ISP go offline. Running a cellular backup via an Ethernet cable preserves the full security functionality of the TZ-Series device (DPI-SSL inspection), which isn’t the case for USB-connected Aircards.
For additional information, please refer to SonicWall’s TZ-Series datasheet and the SonicOS Administration guide.
Interoperability Matrix
This section covers interoperability information of the hardware tested for this solution. It includes the firmware versions of both devices as well as the date of testing.
Date | SonicOS Release | 6300-CX Firmware |
---|---|---|
10/2016 | 5.9.X & 6.2.X | 16.10.13 |
Caveats
The delivery of wireless services varies depending on the carrier and may lead to differences in the area of coverage, type of service (3G, 4G, LTE, etc.), available bandwidth, and IP address designation (Private or Public) among other factors. The interoperability test designed for this solution guide included LTE service, maximum coverage availability, and a public IP address assigned to each device.
Using the 6300-CX as a secondary connection assumes that a primary WAN Ethernet cable is plugged into the X1 port on the SonicWall device. Connect the 6300-CX’s backup Ethernet cable to port X2 and proceed to the configuration described herein. (Compatible with all Gen 6 Firewalls, including TZ, NSA, and SuperMassive series.)
Accelerated 6300-CX Cellular Extender Setup
Initial Setup
Affix both antennas to the router and insert an activated SIM card before deploying the device. Be sure to select a location with optimal signal strength. For detailed instruction, refer to the tables that follow. Subsequent sections will outline site selection, powering options, and other device functionality.
|
Site Survey
If you are unsure of the available cellular signal strength, or are choosing between several locations, please follow the instructions to identify the ideal installation site.
|
Remote Power Installation – Power Option #1
The included Power-over-Ethernet (PoE) injector allows the device to be positioned away from power outlets to simplify its installation needs. The adaptor consolidates the DC power and Ethernet connections so that both can be run to the 6300-CX via a single Ethernet cable. Distances of 300 ft have been tested on CAT6 and 250 ft on CAT5e. Note that cable conditions and the number of splices will impact actual distance.
|
Direct Power Installation – Power Option #2
If you plan to collocate the 6300-CX with the MX device, you can directly power the 6300-CX without the PoE cable.
|
Understanding the 6300-CX LEDs
Once power has been established, your device will initialize and attempt to connect to the network. Device initialization may take 30-60 seconds. Indicator lights on the Wireless Strength Indicator show you the cellular network signal strength. The Network Status Light on the front left of the device displays connectivity information.
Please visit accelerated.com for additional information and troubleshooting tips.
SonicWall Configuration with the Accelerated 6300-CX
Multiple WAN (MWAN) Configuration
More than one network must be assigned to the SonicWall’s WAN Zone to create a contingency solution. Once assigned to a zone, configure the connection’s IP assignment, group membership, and any other relevant specifications. MWAN functionality automatically assigns the primary WAN interface from the X1 port. All other ports can be manually allocated for WAN network routing aside from X0, which must remain dedicated to local administration (LAN).
Access the SonicWall admin portal at 192.168.168.168
Please refer to the SonicWall knowledge article for an in-depth walkthrough of the Interfaces Screen.
NOTE: X0 is reserved for the default LAN and X1 is predefined as the default WAN, making X2 the first available interface for a failover WAN.
|
Failover & LB Management
TZ-Series Firewalls feature customizable, load-balancing (LB) automation that reroutes traffic to contingency networks when triggered by outages or user-defined limits. SonicWall recommends that load balancing remains enabled at all times, even when a single-WAN solution is in use. (It is activated by default.)
Groups respond to specific network conditions depending on their assigned type: Basic Failover, Round Robin, Spill-over, and Ratio. To set a backup connection so it takes over for the primary line in the event of a service outage, add both interfaces to the “Default LB Group” (the firewall’s basic failover grouping) and confirm that the main interface (X1) is listed above the auxiliary WAN (X2).
The “preempt and failback to preferred interfaces when possible” checkbox appears only for the “Basic Failover” type. Selected by default, it enforces the preferences established by the sort order of the interface list. These options change contextually depending on the group type, including options to set ratio or spill-over thresholds. Use the Probing tab to modify parameters for failback detection via Logical probes, which verify whether or not connectivity has been restored to an inactive interface before reestablishing it as the primary WAN.
Please refer to the SonicWall knowledge article for an in-depth walkthrough of the Failover & LB Screen.
|