  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 4978

Need to forward multiple Public IP addresses with SonicWall TZ100

I have a SonicWall TZ100 (enhanced OS) and a cable modem. I have two IP addresses. The main IP address is assigned to the WAN interface of the SonicWall and forwards port 443 to my Outlook Web Access Server.
I have a LOB application that also needs to use port 443 (SSL). What I want to do is to use my second IP to forward TCP 443 to the server with the LOB app. I know this can be done as it is described in http://www.experts-exchange.com/Hardware/Networking_Hardware/Firewalls/Q_23102558.html?sfQueryTermInfo=1+address+forward+how+ip+multipl+port+public+sonicwal+us
and
http://www.experts-exchange.com/Hardware/Networking_Hardware/Firewalls/Q_23102558.html?sfQueryTermInfo=1+address+forward+how+ip+multipl+port+public+sonicwal+us.

The second link seems to be the answer. I have run the wizard and looked as best as I can at the actions described and everything looks correct - I am not able to connect from outside using this IP. I have verified that I can access the site from within the local subnet so I know the website is up.

Please assist.
Thank you.
Asked by: summit_pcguy
1 Solution

n7okn Commented:
On the TZ170, you can put the WAN interface in passthrough mode, so that one IP address goes to one device on the LAN and the other goes to the other. You give up the ability for your LAN to have a private address. All the firewall rules still work, and you can only see the actual TZ170 from the DMZ.  It's tricky to set up, and I remember it didn't like to accept the commands, but once it did, it worked great. You can also set the WAN interface for one of the IP addresses, and specify the other addresses (range of IP addresses) to appear at the DMZ port.  Let me know if you'd like help setting this up. I might have to re-scratch my head over this, but I think I can recreate it.
0
 
jmilczek Commented:
Some cable modems require that you pull additional IPs via DHCP (usually residential accounts are this way). Assuming this isn't the case, here's what you need to do:
1) Network > Address Objects, Add object for 2nd WAN IP...Zone: WAN, Type: Host
2) Network > Address Objects, Add object for Internal server IP...Zone: LAN, Type: Host
3) Network > NAT Policies > Add, Original Source: ANY, Translated Source: Original, Original Destination: Address Object from step 1, Translated Destination: Address Object in step 2, Original Service: Any, Translated Service: Original
Leave Inbound/Outbound interface set to Any. Check box for "Create a reflexive policy".
4) Network > NAT Policies > Add, Original Source: Firewalled Subnets, Translated Source: WAN Interface IP, Original Destination: Address Object from step 1, Translated Destination: Address Object in step 2, Original Service: Any, Translated Service: Original
Leave Inbound/Outbound interface set to Any.
5) Firewall > Access Rules > Add, WAN to LAN, Service: HTTPS, Source: Any, Destination: Address Object from step 1

Most people screw up step 5 and make the destination the private IP instead of the public IP.
Alternatively, this can be done via the wizard...just be sure to change the public IP address to your 2nd address when you reach that step of the wizard.
 
-Jason
0
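
A simplified model of steps 3 and 5 above, added here as an illustration (it is not code from the thread or from SonicWall). The addresses, class names and the "access rule is matched before NAT" ordering are assumptions. It shows why the access rule's destination has to be the public address object, and that the HTTPS-only access rule is what limits exposure when the NAT policy uses Original Service: Any.

```python
from dataclasses import dataclass
from ipaddress import ip_address

# Constructed sample addresses (documentation ranges), not from the thread.
WAN_IP_2 = ip_address("203.0.113.11")    # address object from step 1
LOB_SERVER = ip_address("192.168.1.20")  # address object from step 2
HTTPS = 443

@dataclass(frozen=True)
class AccessRule:          # step 5: WAN to LAN allow rule
    dst: object
    port: int

@dataclass(frozen=True)
class NatPolicy:           # step 3: Original Service "Any", so no port field
    orig_dst: object
    xlat_dst: object

def inbound(dst, port, rules, nats):
    """Return the internal host a WAN packet reaches, or None if dropped.

    Assumed simplified order: the access rule is matched against the
    original (public) destination, then the NAT policy rewrites it.
    """
    if not any(r.dst == dst and r.port == port for r in rules):
        return None                      # implicit WAN to LAN deny
    for n in nats:
        if n.orig_dst == dst:
            return n.xlat_dst
    return None                          # no translation, nothing to deliver to

NATS = [NatPolicy(WAN_IP_2, LOB_SERVER)]
GOOD_RULES = [AccessRule(WAN_IP_2, HTTPS)]     # destination = public IP
BAD_RULES = [AccessRule(LOB_SERVER, HTTPS)]    # destination = private IP

def check():
    """Run the three cases: correct rule, step-5 mistake, non-HTTPS port."""
    return {
        "https_with_public_dst": inbound(WAN_IP_2, HTTPS, GOOD_RULES, NATS),
        "https_with_private_dst": inbound(WAN_IP_2, HTTPS, BAD_RULES, NATS),
        "rdp_with_public_dst": inbound(WAN_IP_2, 3389, GOOD_RULES, NATS),
    }

if __name__ == "__main__":
    for name, result in check().items():
        print(f"{name}: {result or 'dropped'}")
```
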
 
summit_pcguy (Author) Commented:
Thanks! That worked!
0
