SonicOS Enhanced 4.0 Administrator Guide
Chapter 15: Configuring PortShield Interfaces

SonicWALL PortShield Interfaces

SonicWALL PortShield is a feature of the SonicWALL TZ 180 and TZ 190 security appliances
running SonicOS Enhanced 3.8 or newer.

PortShield architecture enables you to configure some or all of the LAN switch ports on the TZ
180 and TZ 190 into separate security contexts, providing protection not only from the WAN
and DMZ, but also between devices inside your network. In effect, each context has its own
wire-speed switch ports that enjoy the protection of a dedicated, deep packet inspection
firewall. The SonicWALL TZ 180 has five switch ports, and the SonicWALL TZ 190 has eight
switch ports.

Note: Port 1 and the Uplink port are the only ports from which you can establish a SonicOS
management session with the device.

You can assign any combination of ports into a PortShield interface. All ports you do not assign
to a PortShield interface are assigned to the LAN interface. For example, on a SonicWALL TZ
190, if you assign ports 4 through 8 to a PortShield interface, ports 1 through 3 and the Uplink
port are all assigned to the LAN interface.

Note: Port 1 and the Uplink port cannot be assigned to a PortShield interface. They can only be
part of the LAN interface. The OPT and WAN ports cannot be assigned to a PortShield interface.

Security Services with PortShield

When you enable SonicWALL Security Services, such as Gateway Anti-Virus (GAV),
Anti-Spyware, and Intrusion Prevention Service (IPS), the services inspect traffic between
different PortShield interfaces and not traffic between ports within the same PortShield
interface.

For example, if ports 2 and 3 are assigned to the SwitchPort1 interface and ports 4 and 5 are
assigned to the SwitchPort2 interface, traffic between port 2 and port 3 will not be inspected by
Security Services. Traffic between port 2 and port 4 will be inspected.
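
The following Python sketch is an added example, not part of the SonicWALL guide or of SonicOS. It models the assignment and inspection rules described above so that a planned port layout can be checked for port pairs that Security Services will not inspect. The function names and the `None` result for pairs involving the LAN interface (a case the guide does not describe) are assumptions of this example, and the Uplink port is not modelled because it always stays on the LAN interface.

```python
from itertools import combinations

# Switch port counts as stated in the guide.
SWITCH_PORTS = {"TZ 180": 5, "TZ 190": 8}
LAN = "LAN"


def port_map(model, assignments):
    """Return {port: interface}. Ports left unassigned fall back to LAN."""
    mapping = {p: LAN for p in range(1, SWITCH_PORTS[model] + 1)}
    for iface, members in assignments.items():
        for port in members:
            if port not in mapping:
                raise ValueError(f"{model} has no switch port {port}")
            if port == 1:
                raise ValueError("port 1 cannot be assigned to a PortShield interface")
            if mapping[port] != LAN:
                raise ValueError(f"port {port} is already in {mapping[port]}")
            mapping[port] = iface
    return mapping


def inspected(mapping, a, b):
    """True/False per the guide; None where the guide does not say (LAN involved)."""
    if LAN in (mapping[a], mapping[b]):
        return None
    return mapping[a] != mapping[b]


def uninspected_pairs(mapping):
    """Port pairs inside one PortShield interface, which Security Services skip."""
    return [(a, b) for a, b in combinations(sorted(mapping), 2)
            if inspected(mapping, a, b) is False]


if __name__ == "__main__":
    # Layout from the guide's example: SwitchPort1 = ports 2-3, SwitchPort2 = ports 4-5.
    layout = port_map("TZ 190", {"SwitchPort1": [2, 3], "SwitchPort2": [4, 5]})
    for a, b in uninspected_pairs(layout):
        print(f"ports {a} and {b} share {layout[a]}: traffic between them is not inspected")
```

Devices that must not exchange uninspected traffic should not appear together in the output; place them in different PortShield interfaces.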