Sonicwall TZ170 and setting up a LAN while leaving a webserver with its own public IP

Posted on 2006-05-30
Last Modified: 2008-02-01
I want to setup a TZ170 so that one public IP address points to our VPN LAN and so that the other points to a webserver on the same LAN which will need a different public IP address.  Has anyone done anything resembling my crude diagram below?

                                          webserver with public IP #1
WAN ----------Sonicwall TZ170 with public IP #2
                                           LAN PCs
Question by:dance1bb
    LVL 3

    Accepted Solution


    You will need to use the OPT ZONE(on the back of the TZ-170, sometimes labeled DMZ) for the webservers LAN, configure your routing tables so that each of the Public IP's know where to terminate(which IP range) and you should be good to go...the two LAN's will have distinct IP ranges so if information is to be shared internally from the webserver to the VPN LAN another static route will need to be written to bridge the two subnets...cheers.

    Hope this helps,

    LVL 1

    Expert Comment

    With your TZ170 standard you only have one public IP address.

    If you must use two public IP addresses you will need to upgrade the firware on the TZ170 to the enhanced version and use the alternate port as a second WAN access to the internet connecting both ports to a switch then to your modem.

    Either way:

    Configure the VPN through the VPN Page and setup an acess rule in the Firewall page to forward all Http: (Port 80) traffic to the local IP address of the server.
    LVL 3

    Expert Comment

    Hi again...

    artffjr is will need the enhanced version of the firmware, which I neglected to mention...


    Author Comment

    Where do I find the enhanced version of the software?  Only the standard version is available from for the TZ170.
    LVL 1

    Assisted Solution

    Part number is 01-SSC-5568
    Retail is $500.00

    Here is a source that is less than retail:

    As a dealer I can not purchase this for less than above.

    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Join & Write a Comment

    #Citrix #Citrix Netscaler #HTTP Compression #Load Balance
    If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
    Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

    734 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now