?
Solved

Sonicwall 1-to-1 Nat question

Posted on 2006-06-20
5
Medium Priority
?
1,258 Views
Last Modified: 2011-09-20
Have three public IPs.  For example:
xxx.xxx.xxx.183 is used solely for the internal network.
xxx.xxx.xxx.184 is assigned to DVR1.
xxx.xxx.xxx.185 is assigned to DVR2.
The 2 DVRs are routing traffic TCP/UDP EXCLUSIVELY on port 7700.
Currently this setup is being done by using a switch after the cable modem.

We need to route all 3 through one firewall:
 
Routing would be 1-to-1 Nat:
Assign DVR1 staticIP xxx.xxx.xxx.184 to internal private address 10.10.10.101 for TCP/UDP 7700.
Assign DVR2 staticIP xxx.xxx.xxx.185 to internal private address 10.10.10.102 for TCP/UDP 7700.
 
What would the routing table look like for outgoing?
Is this the correct setup?
THanks
0
Comment
Question by:PCLANTECHS
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 

Expert Comment

by:olyrick
ID: 16993061
Which Sonicwall router are you using? Also, what is the subnet of these IPs?

I believe you must have SonicOS Enhanced to be able to do 1-to-1 NAT with multiple IP addresses. The funny thing with the Sonicwall is that you cannot tell it explicitly to listen to the 2 IP addresses, but you can tell it to apply NAT to the different IPs.

First, create 2 services (with the same name), one for TCP 7700 and one for UDP 7700.
Create a NAT rule (possibly using the Public Server Wizard) for the new service to point to your internal IPs. In the public server wizard, if you are using SonicOS Enhanced, it will ask you for "Server Public IP Address". Enter x.x.x.184 or .185 here.
Click on Apply, and you're done.
0
 
LVL 1

Author Comment

by:PCLANTECHS
ID: 16993119
thanks for the response. We are going to use a TZ 170. We actually contacted Sonicwall about this issues and they never mentioned using SonicOS Enhanced?
They stated it would work just as you have. Why would we c reate a service with the same name?
I was just going to setup the one-to-one and create the inbound and outbound rules which looks to be what you suggest.
Also, When you publish the publish the public server does this automatically create the outbound rule?
Thanks
0
 
LVL 10

Accepted Solution

by:
budchawla earned 2000 total points
ID: 17137519
PCLANTECHS, in response to your questions:
We actually contacted Sonicwall about this issues and they never mentioned using SonicOS Enhanced? You don't need Enhanced to have the 1-1 nat that you need. In fact, all you need to do is specify a single 1-1 nat range with a length of 2. i.e., add a new range, private range start: 10.10.10.101 public range start xx.xx.xx.184, range length = 2.

I think what olyrick was suggesting was to create a custom service since the sonicwall does not have a default service for tcp 7700 and udp 7700. The same-name thing is just to keep it simple to manage, technically you could name them whatever you wanted.

By default on most sonicwalls (look towards the bottom of the access rules page), there is a rule that says

Priority      Source      Destination      Service          Action      
13              LAN        *                    Any         Allow

This would allow ANY outgoing traffic unless it's specifically blocked by another (higher & more specific) rule. So no, you don't need to create outdound rules.

So the process is quite simple:
1. Create Services for TCP 7700 & UDP 7700 named say custom1 & custom2
2. Create a 1-1 NAT as I mentioned above
3. Create firewall access rules as:

Action: Allow
Service: custom1
Source: WAN *
Destination: LAN 10.10.10.101 - 10.10.10.102

Action: Allow
Service: custom2
Source: WAN *
Destination: LAN 10.10.10.101 - 10.10.10.102

And make sure the rules are enabled!
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question