Need to kniow specifics on how to configure a sonicwall tz100 for two wan gateways.

I have  a tz100 that has x0, x1, and x2.
X0 is setup as the lan with a 10.x.x.x
x1 is setup as wan side
x2 I need to hook to a different isp.
I want my servers to use the x2 wan connection for internet and everything else to remain on the x1 for internet.
I was thinking I could setup two gateways the 10.x.x.x natted to the x1 wan side gives access to the computers.
Would I just put the ip address of the x2 side in the gateway box of my 2003 servers and then setup dns forwarders?
How does the sonicwall translate or nat to x2 since x1 is already natted to x0?
kallatechAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

kallatechAuthor Commented:
Or do I need to setup another lan port on the sonicwall?
0
Cas KristCommented:
DO you have SonicOS Standard or Enhanced?
0
Cas KristCommented:
No the default gateway of the servers remain the same, the LAN-ip of your Sonicwall. You will have to create NAT-policies for your servers.
0
Introducing the "443 Security Simplified" Podcast

This new podcast puts you inside the minds of leading white-hat hackers and security researchers. Hosts Marc Laliberte and Corey Nachreiner turn complex security concepts into easily understood and actionable insights on the latest cyber security headlines and trends.

kallatechAuthor Commented:
Enhanced
So you are saying that I will have to create the nat policy through the sonicwall and direct the traffic out the x2 interface?
0
kallatechAuthor Commented:
How would I set one of those policies up?
0
Cas KristCommented:
Source: servers private (create a group of your server addresses)
Translated: secondary default gateway
Original destination: Any
Translated destination: original
original service: any
translated service: original
inbound interface: any
Outbound interface: X2

(or something like that, I am not able to check it right now, I hope someone can verify)
0
Cas KristCommented:
sry, I think Translated: 'secondary default gateway' should be 'X2 IP'
0
kallatechAuthor Commented:
Would I do something like
source > firewalled subnets
translated > x2 interface name
destination original > x2 interface name
translated> ip address of internal server on the lan
service> http or any
translated > original
inbound > x2 interface name
outbound > x2 interface name
0
Cas KristCommented:
0
Cas KristCommented:
I am using X3, not X2
0
Cas KristCommented:
But your Original source has to be changed! It is only for your servers.
0
kallatechAuthor Commented:
source > ip address of server


so that takes care of the traffice going out but what about traffic coming in?
0
Cas KristCommented:
You can also try running the public server wizard, this takes care of the inbound, outbound and loopback policy as well as your firewall rules.
0
kallatechAuthor Commented:
source > ip address of internal server
translated > x2 interface name
destination original > any
translated> original
service> http or any
translated > original
inbound > x0
outbound > x2 interface name

The above setup would work for outbound traffic but what about inbound traffic?
0
Cas KristCommented:
Just for fun, try the public server wizard, only for the http service and see what it does. Make a printscreen before and after (nat policies and firewall).
0
Cas KristCommented:
You can change the service when it opens too much for you.
0
kallatechAuthor Commented:
for inbound traffic
source >x2
translated > group of servers
destination original > any
translated> original
service> http or any
translated > original
inbound > x2
outbound >xo

0
Cas KristCommented:
Here you get an example of the NAT policies created by the public server wizard.
rule 17 is the loopback policy, 18 is outboud, 19 is inbound.
natpolicy.png
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
kallatechAuthor Commented:
Okay I will try that.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware Firewalls

From novice to tech pro — start learning today.