actpartner
asked on
Upgrading from Watchguard FB1000 to SonicWALL NSA 2400. How can "DROP IN" mode be achieved on SonicWALL?
Hello. I am upgrading the firewall/router for a customer who is currently using a Watchguard FB1000 appliance. We are moving them to a SonicWALL NSA 2400. In attempting to duplicate the configuration I have found that the FB1000 is using "Drop In" mode. They have a range of public IP addresses with the main public IP (xxx.xxx.xxx.94) being aliased on all three ports (WAN, LAN, DMZ) of the FB1000. The DMZ segment has a public server attached with the server using one of their other public IP's statically assigned to it's NIC (xxx.xxx.xxx.95) and a gateway of (xxx.xxx.xxx.94). They have VPN tunnels that terminate at both of these public IP's. How can this scenario (drop in mode with aliased public IP on multiple ports) be accomplished using the NSA 2400 enhanced firmware? Please advise and thanks in advance.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Indeed, you can mix "transparent" on DMZ with "normal" routed on LAN, it's quit flexible when you get your head around it. Have fun!
ASKER
Thanks. Here is what I did and we are getting the results that we wanted.
WAN interface has static IP from ISP.
DMZ interface configured in transparent mode with WAN range (xxx.xxx.xxx.95-99) as network which makes the gateway for this segment (xxx.xxx.xxx.94) same as WAN IP.
Thanks again.