I need help, I am burnt out and my brain is fried. Let's start at the outside and work our way in shall we? I have an SMC router/cable modem. My SBS2003 server running exchange server is dual homed. The WAN NIC (182.168.X.X) is in the DMZ of the SMC router/cable modem. The LAN NIC (192.168.X.X) is plugged into the nework switch.
I want to add a SOHO 6 firebox to the nework and relieve the SBS2003 from any firewall duties. When I try to implement it I get no internet. What should the ip schemes at the different devices be? Any guidance is much appreciated...
This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.
Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.
If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.
Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.
Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.
Access the answers to your technology questions today.
30-day free trial. Register in 60 seconds.
Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.
Try it out and discover for yourself.
30-day free trial. Register in 60 seconds.
Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.
timamartin here is what you need to do...
Take the watchguard firebox and test it from a pc. Make sure you can browse out etc.
-Replace the SMC router with the watchguard.
-If you are hosting services, you need to use a private class IP in the SBS WAN NIC and map it in a one to one NAT on the firebox.
Sorry - I just realized that I was mistaking your Watchguard for a Sonicwall. I'm not sure what Watchguard calls their bridge mode; Sonicwall calls it "transparent mode."
You're not going to be able to replace the SMC with a SOHO6, because the SMC is a cable endpoint as well as a simple router/firewall. The Watchguard is only a router/firewall, not a cable endpoint.
Also, if you can manage to get a firewall working somehow or other, the SBS server no longer needs to do routing and remote access, and only needs one NIC. Yes, that NIC would have a private IP, not a public one.
You could, but you might run into trouble if you are using NAT on both devices in series, particulary when you are using NAT between networks that do not require NAT to be used (private IPs on both interfaces). This configuration may work at just your site, but if you have more than one subnet, the subnet(s) which are once more removed from the Sonicwall will not be able to get internet access at all.
Going from local subnet to NAT router (with private IP on both interfaces) to NAT router (with private LAN and public WAN) is iffy. That's why I recommended setting one or the other up for bridging. You only want to use NAT on a router that has a public IP on one interface and a private IP on the other. Going from local subnet, router, local subnet, NAT router w/2 private, NAT router w/1 pub 1 private, internet - that doesn't work at all.
Now, I know with Sonicwall, you cannot turn NAT off without using their transparent/bridge mode. With Watchguard, you may be able to turn NAT off and still have it be a router. If you can turn NAT off and still have it be a router, your idea should work just fine.
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.
I will leave the following recommendation for this question in the Cleanup topic area:
Accept ckratsch's comment as answer.
Any objections should be posted here in the next 4 days. After that time, the question will be closed.
Miguel
EE Cleanup Volunteer
Business Accounts
Answer for Membership
by: ckratschPosted on 2005-10-18 at 20:06:17ID: 15113201
Best way to do this is to configure your SMC as a bridge, if possible. That way, your Sonicwall will have a public IP on its WAN interface and a private IP on the LAN interface. It'll take over all NAT routing and firewalling. Clients would use the Sonicwall LAN IP as their gateway.
Another option would be to put the SOHO6 in bridge mode (they call it transprent mode, I think). In this scenario, your SMC would have a public IP on the WAN side, private IP (192.168.x.1, for example) on the LAN side. Your SOHO6 in transparent mode would then use 192.168.x.2 (for example) on both interfaces, with a gateway of 192.168.x.1. The clients inside the SOHO would use 192.168.x.3-whatever, and use 192.168.x.2 as their gateway.
Something that I have discovered, not with an SMC device, but with a 2Wire DSL modem/router -- and this is very important --
You may not be able to get any configuration to work with these two devices. The SMC may simply not be configurable enough to deliver packets to the SOHO6 without screwing them up. The symptom I have experienced at two sites with 2Wire devices and trying to put hardware firewalls between them and the clients (on was a Sonicwall TZ170, the other a Watchguard SOHO something or other) is that download speed was fine, upload speed was fine, but when trying to upload, the TCP connection to the receiving server would drop after 50K or so. I confirmed this by using a speedtest site (http://speedtest.gci.net)
But it ain't.
My solution for these clients using 2Wire DSL endpoints was to replace the 2Wire with a Netopia Cayman series endpoint at one (a much smarter device) and the other client is probably going to end up getting an even simpler DSL bridge.