Link to home
Create AccountLog in
Hardware Firewalls

Hardware Firewalls

--

Questions

--

Followers

Top Experts

Avatar of Rodder79
Rodder79

Setup a DMZ Zone on a Sonicwall Pro 2040
In our office we have a sonicwall pro 2040. One "outside" IP address going to the X1 port. The X0 port is for our internal network of 10.10.10.x . On the internal network we have our server 2003 DC box, and we have a exchange 2007 server box that handles everything on it ie CAS, HUB, MAILBOXES, etc... we have port 80 and 443 port forwarded to the exchange box for the OWA feature. Now we want to add a Web Server for our websites. So we want to setup a DMZ and put the web server in there. What is the best way to set everthing up? We do have more "outside" ip addresses available. Thanks everyone!

Zero AI Policy

We believe in human intelligence. Our moderation policy strictly prohibits the use of LLM content in our Q&A threads.

SOLUTION
Avatar of dpk_waldpk_wal๐Ÿ‡ฎ๐Ÿ‡ณ

Link to home
membership
Log in or create a free account to see answer.
Signing up is free and takes 30 seconds. No credit card required.
Create Account
ASKER CERTIFIED SOLUTION
Avatar of ccomleyccomley๐Ÿ‡ฌ๐Ÿ‡ง

Link to home
membership
Log in or create a free account to see answer.
Signing up is free and takes 30 seconds. No credit card required.
Create Account
Avatar of Rodder79Rodder79

ASKER

ccomley,

"You need either a 1:1 NAT mapping of an entire public ip address to (say) 172.30.0.1 - whatever you put the web server on - or you need to map ni at least ports 80 and 443. "

There is my only lost part. Setting up the 1:1 NAT. ย I have the DMZ setup with an IP scheme of 10.10.11.1 and the web server has an IP of 10.10.11.50 lets say. But not sure how to setup the 1:1 NAT for the Public IP address.

Per what DPK WAL says, I click on the networks tab, I have a NAT Policies tab, but not one for 1:1 Nat

Thanks for all your guyz help!

Mike
Avatar of ccomleyccomley๐Ÿ‡ฌ๐Ÿ‡ง

1:1 Nat is the default type - map the public IP address for the server (212.123..... or whatever) to it's private address (10.10.11.50).

The Public Server Wizard can probably do this for you!

Avatar of dpk_waldpk_wal๐Ÿ‡ฎ๐Ÿ‡ณ

Which version of software are you running on the device.
Reward 1Reward 2Reward 3Reward 4Reward 5Reward 6

EARN REWARDS FOR ASKING, ANSWERING, AND MORE.

Earn free swag for participating on the platform.

Avatar of Rodder79Rodder79

ASKER

Sonic OS Enhanced 4.0
Avatar of ccomleyccomley๐Ÿ‡ฌ๐Ÿ‡ง

Then go to Networks / NAT Policies page and click the Public Server Setup wizard top right. Feed in the public IP address you've chosen for the new server, and the private (DMZ) IP address, and it will do the rest! Then you just have to create a suitable Permit rule in the "WAN to DMZ block" to allow access to ports 80, 443, etc. as may be required.

Avatar of Rodder79Rodder79

ASKER

Think I got it. ย Thanks to both of you two. You were a lot of help!
Free T-shirt

Get a FREE t-shirt when you ask your first question.

We believe in human intelligence. Our moderation policy strictly prohibits the use of LLM content in our Q&A threads.

Hardware Firewalls

Hardware Firewalls

--

Questions

--

Followers

Top Experts

Hardware-based firewalls provide more sophisticated protection for inbound and outbound traffic than the simple Windows software firewall or the basic NAT firewalls found in routers. These devices implement techniques such as stateful packet inspection, deep packet inspection, and content filtering; and may include built-in antivirus and anti-malware protection.