CoderNotIT

Accessing public web site from inside firewall

We've got a SonicWall firewall and a public web site on a server on the inside of the firewall.  When users on our LAN (inside) try to browse to our own public web site, they get the SonicWall administration login page.  They can bring up the web site if they point their browser directly at the web server by its internal name, but secure pages and functions don't work correctly.  I don't think it's a DNS issue because even if I point the browser at the external IP address, I get the same login page.

I've tried to figure whether I need to enter a rule or static route or something, but no luck.  What do I need to do to bring up the public web site from inside?
bluetab

Because you are using the same WAN IP for your SonicWALL and website, the SW ports 80 and 443 are being redirected to the SW so that you can manage it externally.  You are going to need to set up another one of your Public IPs to map to your webserver.  Then set up two rules to forward ports 80 & 443 to the webserver.
An easy solution would be to create an A record in your DNS (if you have an internal DNS).

Say your internal domain is company.com and your public web address is www.company.com, then go to your internal DNS server, create an A record for www.company.com and point it to the internal IP address. This lets all the internal users and external users use the same URL, but the IP used would be different based on whether you're internal or external - transparent to the user.

Cheers,
Rajesh
CoderNotIT (asker)

I can't add an A record that way because the windows domain name and Internet domain name are not the same.  Unless I'm just not understanding.

bluetab, I do have a half-dozen public IPs I am not using, but unfortunately, they are on a different subnet.  For some reason, my ISP gave me one usable IP on one subnet and six others on a completely different subnet.  I guess I blew it when I decided to put my DSL modem in bridge mode and terminate the 1 IP on the SW WAN port.

Can the SW handle IPs from different subnets on the single WAN interface?  What can I do short of changing the publicly published IP address to use the other IPs?  I was thinking...take the DSL modem out of bridge mode, turn off NAT in the DSL modem, and get another SW and configure it for the other bank of IPs.  Am I thinking right?

Still you could do it. Create a new forward lookup zone for your internet domain in the local DNS server and add the record in that.

Cheers,
Rajesh
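Rajesh's suggestion above (a local zone for the public name, with an A record pointing at the LAN address), carried out on a Windows DNS server with the DnsServer PowerShell module, as an added example that is not code from either poster. The hostname www.company.com, the constructed LAN address 192.168.1.10, and a domain-controller-hosted DNS are assumptions for illustration.

```powershell
# Added example: split-horizon DNS override for one public hostname.
# Assumptions (not from the thread): the public site is www.company.com, the
# web server's LAN address is 192.168.1.10 (constructed placeholder), and the
# internal DNS runs on a Windows domain controller with the DnsServer module.
$PublicHost = 'www.company.com'
$InternalIP = '192.168.1.10'

# Create a zone named exactly after the host, so only this one name is
# answered locally. Every other name under company.com (mail, the registrar's
# records, etc.) still resolves through the public DNS, so nothing has to be
# copied inward. The zone name is independent of the Active Directory domain name.
if (-not (Get-DnsServerZone -Name $PublicHost -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $PublicHost -ReplicationScope 'Domain'
}

# The zone apex ('@') is the hostname itself; point it at the LAN address.
# A short TTL keeps a later change (for example a new server IP) from
# lingering in client caches.
Add-DnsServerResourceRecordA -ZoneName $PublicHost -Name '@' `
    -IPv4Address $InternalIP -TimeToLive (New-TimeSpan -Minutes 5)

# Verify from the server: an internal client asking this server should now
# receive the private address rather than the public WAN IP.
Resolve-DnsName -Name $PublicHost -Server 'localhost' -Type A |
    Where-Object { $_.Type -eq 'A' } |
    Select-Object Name, IPAddress

# Workstations that already cached the public answer keep using it until the
# old TTL expires; on a test machine, flush it with:
#   Clear-DnsClientCache
```

Because internal browsers keep using the public name, the site's TLS certificate still matches the URL, which is why this approach avoids the broken secure pages the asker saw when browsing by the server's internal name. Creating a full company.com zone internally, as suggested in the post above, also works, but then every public record for that domain has to be maintained in the internal copy as well.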
A primary zone, secondary zone, or stub zone?  I tried all three and couldn't make it work.
CoderNotIT, I'm assuming you have the DNS for your external domain hosted by the company you registered the domain through.  If this is the case, adding an A record won't solve the problem.

The SW can't do public IPs in different subnets on a single WAN port.  It's not uncommon for your ISP to give you two different blocks of IPs.  The idea is that the single IP will go on the WAN port of your DSL modem.  Your block of five or six will go on the LAN port of the modem.  It's a real pain when they do that.  SBC/ATT is notorious for this.

What I would recommend doing is calling your ISP and telling them that you want to take your modem out of bridged mode so that it turns back into a router.  This will allow you to use all of your IP addresses on the inside.  Your ISP should be able to remotely connect to the modem and do this for you or at least walk you through step by step.  I've had to do this with ATT several times and it takes about an hour from the initial phone call.  The hardest part is getting through to second level support to someone that can do this for you.

Once you take the modem out of bridged mode you can reconfigure the SW with one of the Public IPs and then use another one of the IPs to point to the server.
bluetab, you are correct that the DNS for my public domain/IPs is external.  And I'm agreeing that an A record or any other kind of record I can create in my internal DNS won't solve this.

This ISP was SBC (is ATT) and that's exactly what they did.

If I do what you recommend, though, I think I'm going to have at least some disruption to my business as I will have to change the public DNS pointer to my web/mail server (not to mention the email filtering company).  I may still do this, because the disruption might be worth it, but what about my idea of taking the DSL modem out of bridge mode myself and putting another SW behind it to handle the second subnet?  (I called AT&T and they claim that there is nothing I (or they) need to do but take the modem out of bridge mode to be able to handle the second block of IPs.)

If you take the modem out of bridged mode and configure it as a router it's going to need to use that single IP address that is currently on the SW.  So you will have to change the WAN IP of the SW to one of the IPs on the other subnet.  (ATT is wrong, you have to take the modem out of bridged mode to use the second subnet)

Make sure you get through to ATT second tier support. Tell first tier that you need to reconfigure the router and hopefully they'll transfer you, if not you just have to keep being insistent upon it. I've had to use almost every trick in the book but when you get to second tier life is easy.

I would schedule to do this on Friday afternoon.  That way you will have the least amount of disruption as the DNS can propagate over the weekend.
bluetab, what you say makes sense; I just want to clear up what you meant by ATT is wrong.  They said the modem needed to be taken out of bridge mode.  I think their point though was that I had to do it because when the modem is in bridge mode it has no IP to manage it with.  So if I reset it to the factory defaults and can manage to get the WAN port configured with the old single IP, then the other subnet should be able to just flow through to the SW.  When I said they said there was nothing else to do, that did not include reconfiguring the DSL modem.  Is that what you say they are wrong about?
ASKER CERTIFIED SOLUTION
bluetab