Solved

SonicWall Pro 100 Standard to NAT Mode

Posted on 2003-10-21
Last Modified: 2011-10-03
Hello,

I am currently running a Sonicwall Pro 100 in Standard mode without utilizing the DMZ or NAT.  The only device connected to the WAN link is the router.  There are rules to access four servers that provide public access for FTP, Web services, etc. from the Internet. Everything else is denied by a default rule.  There is a fifth public server that provides DNS - we are our primary and our ISP is secondary.  DHCP is handled by an internal server not the Sonicwall and it leases fully-qualified IP addresses.

The network is a mixed mode with the servers being W2K and NT4.  The clients are W95, W98, W2K, WXPro, and various Macintoshes.  The printers are accessed via tcp-ip and there is no print server.

I would like to use the DMZ and NAT along with non-routable IP addresses for our non-public servers, workstations, and printers.

I would like DHCP (using non-routable IPs) to be handled by the internal server and not the Sonicwall; is this possible? Or, will this interfere with the ability to use NAT? What would you recommend?

Thank you,
Theresa






Question by:tjheroff
5 Comments
 

Expert Comment

by:utahdevildog
ID: 9596158
DHCP and NAT do not have to be used together.  The only time I would recommend using the SonicWALL DHCP option is if you also run a VPN.  You will obviously have to set your public servers inside the DMZ with static routes still set.
0
 

Author Comment

by:tjheroff
ID: 9598994
Hello utahdevildog,

I would like to use an internal server for DHCP using non-routable IP addresses not the Sonicwall.  

If I do not need to run DHCP and NAT together can I run the Sonicwall in Standard mode using the non-routable IP addresses?

Thank you,
Theresa
0
 

Expert Comment

by:utahdevildog
ID: 9603575
You are still going to want to use NAT.  The non-routable IP addresses need to be changed to routable public addresses.  NAT performs this function for you.
0
 
LVL 5

Accepted Solution

by:
jeffkearns earned 250 total points
ID: 9603980
Not only can it be done, it's how it SHOULD be done.

Move your public servers to the DMZ and hard-code their IP information. Make sure you put the IP range of the DMZ in the configuration pages of the SonicWALL.

Enable NAT on the LAN port, and give it a non-routable address like 192.168.1.1.

Change all the scopes on your DHCP server to reflect your new non-routable range(s). Make sure DHCP is not enabled on the SonicWALL. Renew the IP addresses of all the clients on your network.

Set up your access rules on the SonicWALL to allow the appropriate traffic between the WAN/DMZ/LAN ports.

Finally, to answer your follow-up question: No, you can't use non-routable addresses in standard mode.

Jeff
0
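A sanity check for the addressing plan described in the accepted answer above, as an added example that is not part of the original thread and not SonicWALL code. The plan layout, the function names and the assumption that the DMZ servers keep routable addresses are assumptions made here, and 203.0.113.0/28 is a placeholder for the site's public block.

```python
import ipaddress as ip

# RFC 1918 "non-routable" blocks. Checked explicitly rather than with is_private,
# which also flags documentation ranges such as the placeholder DMZ block below.
RFC1918 = [ip.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(net):
    return any(net.subnet_of(block) for block in RFC1918)

def check_plan(plan):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    lan = ip.ip_network(plan["lan_subnet"])
    dmz = ip.ip_network(plan["dmz_range"])
    gw = ip.ip_address(plan["lan_gateway"])
    if not is_rfc1918(lan):
        problems.append("LAN subnet is not a non-routable range")
    if gw not in lan:
        problems.append("firewall LAN address is outside the LAN subnet")
    if is_rfc1918(dmz):  # assumption: public servers in the DMZ keep routable addresses
        problems.append("DMZ range is non-routable")
    for name, addr in plan["dmz_servers"].items():
        if ip.ip_address(addr) not in dmz:
            problems.append(f"{name}: address is outside the DMZ range")
    for start, end in plan["dhcp_scopes"]:
        first, last = ip.ip_address(start), ip.ip_address(end)
        if first > last or first not in lan or last not in lan:
            problems.append(f"scope {start}-{end}: not inside the LAN subnet")
        elif first <= gw <= last:
            problems.append(f"scope {start}-{end}: would lease the firewall's LAN address")
    if plan["firewall_dhcp_enabled"]:
        problems.append("DHCP is still enabled on the firewall")
    return problems

# Constructed sample plan (hypothetical values).
GOOD_PLAN = {
    "lan_subnet": "192.168.1.0/24", "lan_gateway": "192.168.1.1",
    "dmz_range": "203.0.113.0/28",
    "dmz_servers": {"www": "203.0.113.2", "ftp": "203.0.113.3", "dns": "203.0.113.4"},
    "dhcp_scopes": [("192.168.1.50", "192.168.1.200")],
    "firewall_dhcp_enabled": False,
}
# Same plan with three mistakes: a public server left on the LAN range, a scope
# that includes the firewall's LAN address, and firewall DHCP left on.
BAD_PLAN = dict(GOOD_PLAN,
    dmz_servers={"www": "203.0.113.2", "ftp": "192.168.1.10"},
    dhcp_scopes=[("192.168.1.1", "192.168.1.200")],
    firewall_dhcp_enabled=True)

if __name__ == "__main__":
    for label, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(label, check_plan(plan) or "OK")
```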
 

Author Comment

by:tjheroff
ID: 9605800
Hello Jeff,

Thank you for the clarification! Have a good day.

Thanks again, Theresa
0
