We're starting to implement more Layer 2 connections from cable providers for high-speed WAN links.  The prices of these links are very reasonable compared to MPLS and Frame Relay.  However, it's very important to throttle the firewall to the same speed as the Layer 2 connection.  We typically connect the Layer 2 connection to a separate interface on the firewall so we can control the traffic between the LAN and WAN and prevent unnecessary traffic on the WAN link.

For example, if you’ve purchased a 50mb/sec Layer 2 WAN link between two sites, the cable provider will typically provide a 100mb/sec Ethernet connection at each site.  If you don’t properly throttle the WAN link on the firewall, it will try to push 100mb/sec across the Layer 2 network.  Since the Layer 2 connection can only handle 50mb/sec, you will drop packets on the WAN link.  In a worst-case scenario, we’ve seen the firewall/router hang or the interface on the firewall randomly disconnect without any entries in the firewall logs.

To limit the bandwidth on a SonicWall NSA 2400, complete the following steps:
  1. Log in to the SonicWall NSA 2400 with a web browser.
  2. Click on Firewall Settings.
  3. Click on BWM (Bandwidth Management).
  4. Set the Bandwidth Management Type to Global.
  5. Click on Network and edit the interface of the Layer 2 WAN link.
  6. Click on the Advanced Tab.
  7. Check the Enable Egress Bandwidth Management checkbox and set it to the speed of the Layer 2 WAN link.  For example, if the connection is 50mb/sec you would enter 50000.
  8. Check the Enable Ingress Bandwidth Management checkbox and set it to the speed of the Layer 2 WAN link.  For example, if the connection is 50mb/sec you would enter 50000.
  9. Click OK.
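
To see why the mismatch described above drops packets, here is a small simulation added as an illustration (it is not from the original post or from SonicWall). It assumes the provider enforces the purchased 50 Mb/s with a token-bucket policer, that packets are 1500 bytes, and that the policer allows a 10-packet burst; all names and those parameters are hypothetical.

```python
from fractions import Fraction

PKT_BITS = 1500 * 8          # assumed full-size Ethernet payload, in bits
BURST_BITS = 10 * PKT_BITS   # assumed burst allowance of the provider's policer


def police(offered_mbps, cir_mbps=50, seconds=1):
    """Send a constant-rate stream into a token-bucket policer.

    offered_mbps: rate the firewall pushes onto the handoff port.
    cir_mbps:     rate purchased from the provider (50 in the post's example).
    Returns (delivered, dropped) packet counts.
    """
    packets = offered_mbps * 1_000_000 * seconds // PKT_BITS
    # Tokens (bits) the policer earns in the time between two packets.
    refill = Fraction(cir_mbps * PKT_BITS, offered_mbps)
    tokens = Fraction(BURST_BITS)
    delivered = dropped = 0
    for _ in range(packets):
        tokens = min(Fraction(BURST_BITS), tokens + refill)
        if tokens >= PKT_BITS:
            tokens -= PKT_BITS      # in profile: forwarded across the WAN
            delivered += 1
        else:
            dropped += 1            # out of profile: discarded by the provider
    return delivered, dropped


def loss_percent(offered_mbps, cir_mbps=50):
    """Percentage of packets discarded at the given offered rate."""
    delivered, dropped = police(offered_mbps, cir_mbps)
    return round(100 * dropped / (delivered + dropped), 1)


if __name__ == "__main__":
    cases = (("unthrottled 100 Mb/s port", 100),
             ("firewall limited to 50 Mb/s", 50))
    for label, rate in cases:
        delivered, dropped = police(rate)
        print(f"{label}: delivered={delivered} dropped={dropped} "
              f"loss={loss_percent(rate)}%")
```

Once the short burst allowance is used up, the unthrottled sender loses every other packet, while the sender limited to the purchased rate loses none.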

Hopefully this post may prevent a lot of grief when utilizing these types of WAN links.

4/5/2013
