Configuring PortShield Interfaces (TZ series, NSA 240, and NSA 2400MX)

PortShield architecture enables you to configure some or all of the LAN ports into separate security contexts, providing protection not only from the WAN and DMZ, but between devices inside your network as well. In effect, each context has its own wire-speed PortShield that enjoys the protection of a dedicated, deep packet inspection firewall.

PortShield is supported on SonicWall TZ Series, NSA 240, and NSA 2400MX appliances.

TIP: Zones can always be applied to multiple interfaces in the Network > Interfaces page, even without the use of PortShield groupings. However, these interfaces will not share the same network subnet unless they are grouped using PortShield.

You can assign any combination of ports into a PortShield interface. All ports you do not assign to a PortShield interface are assigned to the LAN interface.

To configure a PortShield interface:

Click on the Network > Interfaces page.

Click the Configure button for the interface you want to configure. The Edit Interface dialog displays.

In the Zone drop-down menu, select on a zone type option to which you want to map the interface.

NOTE: You can add PortShield interfaces only to Trusted, Public, and Wireless zones.

In the IP Assignment drop-down menu, select PortShield Switch Mode.

In the PortShield to drop-down menu, select the interface you want to map this port to. Only ports that match the zone you have selected are displayed.