Avatar of actpartner
actpartner asked on

Upgrading from Watchguard FB1000 to SonicWALL NSA 2400. How can "DROP IN" mode be achieved on SonicWALL?

Hello. I am upgrading the firewall/router for a customer who is currently using a Watchguard FB1000 appliance. We are moving them to a SonicWALL NSA 2400. In attempting to duplicate the configuration I have found that the FB1000 is using "Drop In" mode. They have a range of public IP addresses with the main public IP (xxx.xxx.xxx.94) being aliased on all three ports (WAN, LAN, DMZ) of the FB1000. The DMZ segment has a public server attached with the server using one of their other public IP's statically assigned to it's NIC (xxx.xxx.xxx.95) and a gateway of (xxx.xxx.xxx.94). They have VPN tunnels that terminate at both of these public IP's. How can this scenario (drop in mode with aliased public IP on multiple ports) be accomplished using the NSA 2400 enhanced firmware? Please advise and thanks in advance.
Hardware FirewallsRouters

Avatar of undefined
Last Comment
ccomley

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
ccomley

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
ASKER
actpartner

ccomley-
Thanks. Here is what I did and we are getting the results that we wanted.

WAN interface has static IP from ISP.
DMZ interface configured in transparent mode with WAN range (xxx.xxx.xxx.95-99) as network which makes the gateway for this segment (xxx.xxx.xxx.94) same as WAN IP.

Thanks again.
ccomley

Indeed, you can mix "transparent" on DMZ with "normal" routed on LAN, it's quit flexible when you get your head around it. Have fun!
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck