kallatech
Need to know specifics on how to configure a SonicWall TZ100 for two WAN gateways.
I have a tz100 that has x0, x1, and x2.
X0 is set up as the LAN with a 10.x.x.x address.
X1 is set up as the WAN side.
X2 I need to hook to a different ISP.
I want my servers to use the X2 WAN connection for internet and everything else to remain on X1 for internet.
I was thinking I could set up two gateways; the 10.x.x.x NATed to the X1 WAN side gives access to the computers.
Would I just put the IP address of the X2 side in the gateway box of my 2003 servers and then set up DNS forwarders?
How does the SonicWall translate or NAT to X2 since X1 is already NATed to X0?
Do you have SonicOS Standard or Enhanced?
No, the default gateway of the servers remains the same: the LAN IP of your SonicWall. You will have to create NAT policies for your servers.
ASKER
Enhanced
So you are saying that I will have to create the nat policy through the sonicwall and direct the traffic out the x2 interface?
ASKER
How would I set one of those policies up?
Source: servers private (create a group of your server addresses)
Translated: secondary default gateway
Original destination: Any
Translated destination: original
original service: any
translated service: original
inbound interface: any
Outbound interface: X2
(or something like that, I am not able to check it right now, I hope someone can verify)
Sorry, I think Translated: 'secondary default gateway' should be 'X2 IP'
ASKER
Would I do something like
source > firewalled subnets
translated > x2 interface name
destination original > x2 interface name
translated> ip address of internal server on the lan
service> http or any
translated > original
inbound > x2 interface name
outbound > x2 interface name
nope
natpolicy.png
I am using X3, not X2
But your Original source has to be changed! It is only for your servers.
ASKER
source > ip address of server
So that takes care of the traffic going out, but what about traffic coming in?
You can also try running the public server wizard, this takes care of the inbound, outbound and loopback policy as well as your firewall rules.
ASKER
source > ip address of internal server
translated > x2 interface name
destination original > any
translated> original
service> http or any
translated > original
inbound > x0
outbound > x2 interface name
The above setup would work for outbound traffic but what about inbound traffic?
Just for fun, try the public server wizard, only for the http service and see what it does. Make a printscreen before and after (nat policies and firewall).
You can change the service when it opens too much for you.
ASKER
for inbound traffic
source >x2
translated > group of servers
destination original > any
translated> original
service> http or any
translated > original
inbound > x2
outbound > x0
ASKER CERTIFIED SOLUTION
This solution is only available to members.
ASKER
Okay I will try that.