SonicWall Pro 100 Standard to NAT Mode

Hello,

I am currently running a Sonicwall Pro 100 in Standard mode without utilizing the DMZ or NAT.  The only device connected to the WAN link is the router.  There are rules to access four servers that provide public access for FTP, Web services, etc. from the Internet. Everything else is denied by a default rule.  There is a fifth public server that provides DNS - we are our primary and our ISP is secondary.  DHCP is handled by an internal server not the Sonicwall and it leases fully-qualified IP addresses.

The network is a mixed mode with the servers being W2K and NT4.  The clients are W95, W98, W2K, WXPro, and various Macintoshes.  The printers are accessed via tcp-ip and there is no print server.

I would like to use the DMZ and NAT along with non-routable IP addresses for our non-public servers, workstations, and printers.

I would like DHCP (using non-routable IPs) to be handled by the internal server and not the Sonicwall; is this possible? Or, will this interfere with the ability to use NAT? What would you recommend?

Thank you,
Theresa






tjheroffAsked:
utahdevildogCommented:
DHCP and NAT do not have to be used together.  The only time I would recommend using the SonicWALL DHCP option is if you also run a VPN.  You will obviously have to set your public servers inside the DMZ with static routes still set.
0
tjheroffAuthor Commented:
Hello utahdevildog,

I would like to use an internal server for DHCP using non-routable IP addresses not the Sonicwall.  

If I do not need to run DHCP and NAT together can I run the Sonicwall in Standard mode using the non-routable IP addresses?

Thank you,
Theresa
0
utahdevildogCommented:
You are still going to want to use NAT.  The non-routable IP addresses need to be changed to routable public addresses.  NAT performs this function for you.
0
jeffkearnsCommented:
Not only can it be done, it's how it SHOULD be done.

Move your public servers to the DMZ and hard-code their IP information. Make sure you put the IP range of the DMZ in the configuration pages of the SonicWALL.

Enable NAT on the LAN port, and give it a non-routable address like 192.168.1.1.

Change all the scopes on your DHCP server to reflect your new non-routable range(s). Make sure DHCP is not enabled on the SonicWALL. Renew the IP addresses of all the clients on your network.

Set up your access rules on the SonicWALL to allow the appropriate traffic between the WAN/DMZ/LAN ports.

Finally, to answer your follow-up question: No, you can't use non-routable addresses in standard mode.

Jeff
0
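Added example, not part of the thread and not SonicWALL tooling: a Python check of the addressing plan before the cutover described in the answer above, confirming that the LAN is non-routable, the DMZ servers keep routable addresses inside the configured DMZ range, and the internal DHCP scopes stay inside the LAN without leasing the firewall's own address. The 203.0.113.x DMZ addresses, the server names and the DHCP scope are constructed placeholders; only 192.168.1.1 comes from the answer.

```python
import ipaddress as ip

RFC1918 = [ip.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    return any(addr in net for net in RFC1918)

def check_plan(plan):
    """Return a list of problems found in a Standard-to-NAT addressing plan."""
    problems = []
    lan = ip.ip_network(plan["lan_subnet"])
    gw = ip.ip_address(plan["firewall_lan_ip"])
    dmz_first, dmz_last = (ip.ip_address(a) for a in plan["dmz_range"])
    if not all(is_rfc1918(a) for a in (lan.network_address, lan.broadcast_address)):
        problems.append(f"LAN subnet {lan} is not non-routable (RFC 1918) space")
    if gw not in lan:
        problems.append(f"firewall LAN address {gw} is outside {lan}")
    # Public servers keep hard-coded routable addresses inside the DMZ range.
    for name, addr in plan["dmz_servers"].items():
        a = ip.ip_address(addr)
        if is_rfc1918(a):
            problems.append(f"{name} ({a}) is non-routable but placed in the DMZ")
        elif not dmz_first <= a <= dmz_last:
            problems.append(f"{name} ({a}) is outside the configured DMZ range")
    # Scopes on the internal DHCP server must hand out LAN addresses only.
    for first, last in plan["dhcp_scopes"]:
        lo, hi = ip.ip_address(first), ip.ip_address(last)
        if lo not in lan or hi not in lan:
            problems.append(f"DHCP scope {lo}-{hi} is not inside {lan}")
        if lo <= gw <= hi:
            problems.append(f"DHCP scope {lo}-{hi} would lease the firewall address {gw}")
    return problems

# Constructed sample plan (placeholder addresses, not taken from the thread).
GOOD_PLAN = {
    "lan_subnet": "192.168.1.0/24",
    "firewall_lan_ip": "192.168.1.1",
    "dmz_range": ("203.0.113.2", "203.0.113.6"),
    "dmz_servers": {"web": "203.0.113.2", "ftp": "203.0.113.3", "dns": "203.0.113.4"},
    "dhcp_scopes": [("192.168.1.50", "192.168.1.200")],
}
# Same plan with two mistakes: DNS server renumbered to a LAN address, scope starts at .1
BAD_PLAN = dict(GOOD_PLAN, dhcp_scopes=[("192.168.1.1", "192.168.1.200")],
                dmz_servers={"web": "203.0.113.2", "dns": "192.168.1.10"})

if __name__ == "__main__":
    for problem in check_plan(BAD_PLAN):
        print(problem)
```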

tjheroffAuthor Commented:
Hello Jeff,

Thank you for the clarification! Have a good day.

Thanks again, Theresa
0