Solved

dmz subnet is outside of wan subnet sonicwall NSA 2400

Posted on 2009-03-30
3
1,664 Views
Last Modified: 2012-05-06
then assigned ip addresses provided to us are 123.123.123.1/255.255.255.224 while the wan ip address 111.111.111.229/255.255.255.252  

x0:lan - 192.168.168.1/255.255.255.0
x1:wan - 111.111.111.229/255.255.255.252
x2:dmz(?)
x3:
x4:
x5:

how do I apply the 123.123.123.1/255.255.255.224 addresses to the dmz? and to nat addresses?   I know how when I set the subnet to wan 255.255.0.0 but that results is blocked traffic and obviously incorrect.  so I already have the address objects etc. defined.  
I just need to know how to apply the assigned ip range to an interface which falls outside of the wan subnet.

0
Comment
Question by:DVDude_1
  • 2
3 Comments
 
LVL 16

Expert Comment

by:ccomley
ID: 24027257
Set the DMZ up as a SEPARTE private range, and NAT taht on to a differen't ip addres or set of addresses in the publich range available. e.g.

LAN = 192.168.168.1/24
WAN = 111.111.111.229/28
DMZ = 172.30.0.1/24

LAN email server (say) at 192.168.168.33  - NAT 1:1 mapping to 111.111.111.231
DMZ web server (say) at 172.30.0.24  - NAT 1:1 mapping to 111.111.111.232

0
 
LVL 1

Author Comment

by:DVDude_1
ID: 24043727
so move it completely from an externla dmz to an internal network with natting...  ok..   just asking because the setup of the 2400 is quite a bit different that the 2040pro(standardOS) that it is replacing.
0
 
LVL 16

Accepted Solution

by:
ccomley earned 500 total points
ID: 24048162
Yes. Well, like the 2040, you *can* if you choose set the interface up as Transparent but unless you are running something which REALLY doesn't like NAT, a private range and NAT mapping would be by far the easiest route.

Then your LAN to DMZ routes, if any, are simply from private range to private range.

It's still "external" as far as your LAN zone(s) are concerned, i.e. traffic from DMZ to LAN still has to re-pass the firewall and be matched by DMZ-to-LAN rulesets or it won't happen, so a compromise of a DMZ host does not expose your LAN to the baddies.

0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Update HP 4300 SAN from OS 9 to 12 without loosing data. 3 96
SCCM 2012 - PXE WinPE - Boot Resolution Low 10 34
IP Calculator 10 56
display iPhone Wifi network name 19 80
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

896 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now