Solved

Need help installing a sonicwall 2040 with following network settings

Posted on 2006-10-21
12
203 Views
Last Modified: 2010-04-09
I need help installing my sonicwall firewall 2040.  My network settings are as follows.
I have a main machine IP adress of
Main IP: 205.252.89.211
Subnet Mask: 255.255.255.0
Gateway: 205.252.89.

Then, I have a block of IP addresses assigned to us.
206.161.205.97 through 125

The question is, how would I go about installing the firewall.  Sonic wall was not sure, but said that they think i would have to use Private and Public doing the following:

WAN Settings
Wan  Nat Enabled
IP 205.252.89.211
wan subnet  255.255.255.0
wan gateway router address 205.252.89.1

Sonicwall LAN IP address
192.168.168.168
Lan subnet 255.255.255.0

Under One to One Nat
We have two machines, so we would have to assign two separate entries.

Private begin 192.168.168.10
Public 206.161.205.97  length 27

Second Entry
192.168.168.38
public begin 206.161.205.125 length 1

Can anyone help?  

Thx!
0
Comment
Question by:ondrejko1
  • 6
  • 4
12 Comments
 
LVL 7

Expert Comment

by:jasonpaine
ID: 17780704
if you have enhanced firmware:
for the one to one nat you will need to create a inbound and outbound nat policy and a firewall access rule to allow this traffic.
 http://www.sonicwall.com/support/pdfs/SOS2e_Enhanced_NAT_Policies_How_To.pdf
page 9,10,11. you can create an address object for a server first with the ip address you are using then when configuring the nat policy and firewall access rule use the address object from the drop down list.
to configure your wan and lan interface see chapter 11 here
http://www.sonicwall.com/support/pdfs/SonicOS_Enhanced_3.1_Administrators_Guide.pdf
0
 

Author Comment

by:ondrejko1
ID: 17790361
Thanks, however I am not a network engineer and none of this makes sense to me.  Was wondering if someone could assist by indicating what addresses go where?
0
 
LVL 7

Expert Comment

by:jasonpaine
ID: 17793251
on the network settings page
use IP 205.252.89.211
wan subnet  255.255.255.0
wan gateway router address 205.252.89.1 for the wan ip info, your 205.x.x.x address did you get that from your ISP?

Sonicwall LAN IP address
192.168.168.168
Lan subnet 255.255.255.0
use this for the lan ip address, The 192.168.168.168 is the default address that ships with the sonicwall you can change it too a different address like 192.168.50.x or whatever. the PC'S on the lan need to use the same ip or obtain ip address automatically.


on the system status page > System Information are you using standard or enhanced firmware?
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:ondrejko1
ID: 17796690
i am using standard firmware
0
 

Author Comment

by:ondrejko1
ID: 17796734
"205.x.x.x address did you get that from your ISP?"

That is my main machine IP.. yes, they gave me that address.  Does this make a difference?

0
 

Author Comment

by:ondrejko1
ID: 17811558
I can download the enhanced firmware if that helps..
0
 
LVL 7

Expert Comment

by:jasonpaine
ID: 17813513
Have you configured the lan and wan settings in the firewall? your above lan and wan addresses go in the network > settings page in the sonicwall.
0
 

Author Comment

by:ondrejko1
ID: 17813594
yes, they have. I called sonic wall and they said i have to use 1 to 1 nat.  Remember, the servers right now have public IP's assigned to them.  So my question is now is i guess i have to change the server IP settings to private.  However, since we run a DNS server on the other side for public IP's, how does that work?

These are my settings currently.
Under network settings            IP      Subnet
WAN      NAT Enabled      205.252.89.211      255.255.255.0
LAN            192.168.168.168      255.255.255.0

DNS            205.177.10.10      
DNS2            199.0.216.222      


one to one nat      Private Begin      Public Begin      Length
      192.168.168.10      206.161.205.97      27
      192.168.168.38      206.161.205.125      1

0
 
LVL 7

Accepted Solution

by:
jasonpaine earned 500 total points
ID: 17815995
you can assign private IP's to the servers then your above setting will work, what type of servers are you using? with windows servers you use the IP of the domain controller 192.168.168.x as your internal dsn server and you use forwarders and root hints for extrenal dns http://www.windowsnetworking.com/articles_tutorials/DNS_Conditional_Forwarding_in_Windows_Server_2003.html
0
 

Author Comment

by:ondrejko1
ID: 18003271
It is not possible with the above settings.  Please close question.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now