Solved

SonicWall Pro 100 Standard to NAT Mode

Posted on 2003-10-21
Last Modified: 2011-10-03
Hello,

I am currently running a Sonicwall Pro 100 in Standard mode without utilizing the DMZ or NAT.  The only device connected to the WAN link is the router.  There are rules to access four servers that provide public access for FTP, Web services, etc. from the Internet. Everything else is denied by a default rule.  There is a fifth public server that provides DNS - we are our primary and our ISP is secondary.  DHCP is handled by an internal server not the Sonicwall and it leases fully-qualified IP addresses.

The network is a mixed mode with the servers being W2K and NT4.  The clients are W95, W98, W2K, WXPro, and various Macintoshes.  The printers are accessed via tcp-ip and there is no print server.

I would like to use the DMZ and NAT along with non-routable IP addresses for our non-public servers, workstations, and printers.

I would like DHCP (using non-routable IPs) to be handled by the internal server and not the Sonicwall; is this possible? Or, will this interfere with the ability to use NAT? What would you recommend?

Thank you,
Theresa






0
Question by:tjheroff
5 Comments
 

Expert Comment

by:utahdevildog
DHCP and NAT do not have to be used together.  The only time I would recommend using the SonicWALL DHCP option is if you also run a VPN.  You will obviously have to set your public servers inside the DMZ with static routes still set.
0
 

Author Comment

by:tjheroff
Hello utahdevildog,

I would like to use an internal server for DHCP using non-routable IP addresses not the Sonicwall.  

If I do not need to run DHCP and NAT together can I run the Sonicwall in Standard mode using the non-routable IP addresses?

Thank you,
Theresa
0
 

Expert Comment

by:utahdevildog
You are still going to want to use NAT.  The non-routable IP addresses need to be changed to routable public addresses.  NAT performs this function for you.
0
 
LVL 5

Accepted Solution

by:
jeffkearns earned 250 total points
Not only can it be done, it's how it SHOULD be done.

Move your public servers to the DMZ and hard-code their IP information. Make sure you put the IP range of the DMZ in the configuration pages of the SonicWALL.

Enable NAT on the LAN port, and give it a non-routable address like 192.168.1.1.

Change all the scopes on your DHCP server to reflect your new non-routable range(s). Make sure DHCP is not enabled on the SonicWALL. Renew the IP addresses of all the clients on your network.

Set up your access rules on the SonicWALL to allow the appropriate traffic between the WAN/DMZ/LAN ports.

Finally, to answer your follow-up question: No, you can't use non-routable addresses in standard mode.

Jeff
0
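
A pre-change sanity check for the addressing plan described in the accepted answer, as an added example that is not part of the original thread and not SonicWall tooling. The plan dictionary, its field names and every address are constructed; it assumes the DMZ servers keep public addresses (203.0.113.0/24 is a documentation range standing in for them).

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(ip):
    return any(ip in net for net in RFC1918)

def check_plan(plan):
    """Return a list of problems in a Standard-to-NAT readdressing plan."""
    problems = []
    lan = ipaddress.ip_network(plan["lan_subnet"])
    gateway = ipaddress.ip_address(plan["lan_gateway"])
    dmz_lo, dmz_hi = (ipaddress.ip_address(a) for a in plan["dmz_range"])
    # With NAT on the LAN port, the whole LAN subnet must be non-routable.
    if not (is_rfc1918(lan.network_address) and is_rfc1918(lan.broadcast_address)):
        problems.append(f"LAN subnet {lan} is not RFC 1918 space")
    if gateway not in lan:
        problems.append(f"LAN gateway {gateway} is outside {lan}")
    # Assumption: DMZ servers keep hard-coded public addresses in the DMZ range.
    for name, addr in plan["dmz_servers"].items():
        ip = ipaddress.ip_address(addr)
        if is_rfc1918(ip):
            problems.append(f"{name}: {ip} is non-routable, expected a public address")
        elif not dmz_lo <= ip <= dmz_hi:
            problems.append(f"{name}: {ip} is outside the DMZ range")
    # Internal DHCP scopes must stay inside the LAN and skip the firewall's address.
    for start, end in plan["dhcp_scopes"]:
        lo, hi = ipaddress.ip_address(start), ipaddress.ip_address(end)
        if lo not in lan or hi not in lan:
            problems.append(f"scope {lo}-{hi} is not inside {lan}")
        elif lo <= gateway <= hi:
            problems.append(f"scope {lo}-{hi} includes the gateway {gateway}")
    if plan["firewall_dhcp_enabled"]:
        problems.append("DHCP is still enabled on the firewall")
    return problems

# Constructed sample plan (hypothetical field names and addresses).
GOOD_PLAN = {
    "lan_subnet": "192.168.1.0/24",
    "lan_gateway": "192.168.1.1",
    "dmz_range": ("203.0.113.2", "203.0.113.6"),
    "dmz_servers": {"www": "203.0.113.2", "ftp": "203.0.113.3", "dns": "203.0.113.4"},
    "dhcp_scopes": [("192.168.1.50", "192.168.1.200")],
    "firewall_dhcp_enabled": False,
}

if __name__ == "__main__":
    print(check_plan(GOOD_PLAN) or "plan is consistent")
```

Running the check before renewing client leases catches a scope that overlaps the firewall's LAN address or a server left on the wrong side of the NAT boundary.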
 

Author Comment

by:tjheroff
Hello Jeff,

Thank you for the clarification! Have a good day.

Thanks again, Theresa
0
