AboutPricingCommunityTeamsStart Free TrialLog in
Avatar of Rodder79
Rodder79
 asked on

Setup a DMZ Zone on a Sonicwall Pro 2040

In our office we have a sonicwall pro 2040. One "outside" IP address going to the X1 port. The X0 port is for our internal network of 10.10.10.x . On the internal network we have our server 2003 DC box, and we have a exchange 2007 server box that handles everything on it ie CAS, HUB, MAILBOXES, etc... we have port 80 and 443 port forwarded to the exchange box for the OWA feature. Now we want to add a Web Server for our websites. So we want to setup a DMZ and put the web server in there. What is the best way to set everthing up? We do have more "outside" ip addresses available. Thanks everyone!
Software FirewallsHardware Firewalls
Avatar of undefined
Last Comment
Rodder79
8/22/2022 - Mon
SOLUTION
dpk_wal
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
ASKER CERTIFIED SOLUTION
ccomley
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
Rodder79
ASKER
ccomley,

"You need either a 1:1 NAT mapping of an entire public ip address to (say) 172.30.0.1 - whatever you put the web server on - or you need to map ni at least ports 80 and 443. "

There is my only lost part. Setting up the 1:1 NAT.  I have the DMZ setup with an IP scheme of 10.10.11.1 and the web server has an IP of 10.10.11.50 lets say. But not sure how to setup the 1:1 NAT for the Public IP address.

Per what DPK WAL says, I click on the networks tab, I have a NAT Policies tab, but not one for 1:1 Nat

Thanks for all your guyz help!

Mike
ccomley
1:1 Nat is the default type - map the public IP address for the server (212.123..... or whatever) to it's private address (10.10.11.50).

The Public Server Wizard can probably do this for you!

dpk_wal
Which version of software are you running on the device.
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
Rodder79
ASKER
Sonic OS Enhanced 4.0
ccomley
Then go to Networks / NAT Policies page and click the Public Server Setup wizard top right. Feed in the public IP address you've chosen for the new server, and the private (DMZ) IP address, and it will do the rest! Then you just have to create a suitable Permit rule in the "WAN to DMZ block" to allow access to ports 80, 443, etc. as may be required.

Rodder79
ASKER
Think I got it.  Thanks to both of you two. You were a lot of help!
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
Plans and Pricing
Resources
Product
Podcasts
Careers
Contact Us
Teams
Certified Expert Program
Credly Partnership
Udemy Partnership
Privacy Policy
Terms of Use

© 1996-2023 Experts Exchange, LLC. All rights reserved. Covered by US Patent