
Sonicwall install using a CIDR block

Posted on 2010-08-13
Last Modified: 2013-11-16
I have a SonicWall 210W. Cox, our ISP, gave us a CIDR WAN IP subnet 154.78.111.16, mask .224 and gateway

They also gave us a virtual CIDR subnet 154.79.154.17 (not the real IP), mask .240,
usable .18 to .30, gateway .17

Does anyone have experience configuring this setup with a SonicWall? I know you assign the WAN IP to the WAN interface and then create an address group for the "virtual CIDR subnet".

But how is this done?


Question by:Mike000001
6 Comments
 
LVL 6

Expert Comment

by:castellansolutions
ID: 33435046
Well, normally (if your SonicWall is up and running and working correctly, able to browse, etc.) you would add a new object, assign it the zone of WAN, and set the IP within your existing range.

So if my firewall IP is this:

123.124.22.221
and I have a subnet of 255.255.255.248 (/29)
gateway: 123.124.22.220
then I would set as an additional IP:

123.124.22.222, assign it to zone WAN, then create a NAT rule to allow the correct traffic.

Is this what you wanted?
0
 
LVL 33

Expert Comment

by:digitap
ID: 33435051
Their hardware will route this traffic to the primary public IP that you now have configured for your SonicWall. What are your plans with the extra public IP addresses? You could test this by running the Public Server Wizard for RDP access to an internal workstation... as a test. You can delete the rule when done. I have a client that has assigned us a public IP address, but a series of public IP addresses that do not fall within the range of the one assigned to the WAN interface of the SonicWall.
0
 

Author Comment

by:Mike000001
ID: 33451469
I have everything working now.

castellansolutions is right about adding a network CIDR subnet to the WAN interface, but no NAT rule is needed. "I was expecting to need a NAT rule."

Now here is a question, of all the CIDR IPs that went to the proper web servers. No other IPs in the CIDR block worked. I know the firewall rules were correct.
After escalating with COX

(by the way, they gave us a wrong CIDR block at the cutover. I made 10 DNS changes. And after COX discovered it was the wrong block a day later, they gave us a new block after my client had some words with them) and I had to change the DNS again, and all my address objects.

I worked quite a while on making sure everything was right on my end.
So here is the question: one of the CIDR IPs worked as it should have, sending mail and OWA to our Exchange server. But none other in the block worked.

Monday morning 7:30 I call COX after being up all night. They escalate and without me changing anything on my end in 20 min, everything works; 5 web sites that were not accessible even via IP now work by DNS, VPN works...

What did they do? ARP issue on a router?

Any ideas what COX did?
0

 
LVL 6

Accepted Solution

by:
castellansolutions earned 1500 total points
ID: 33451496
What did they do? ARP issue on a router?


I don't know if my answer will be correct but (or if it applies in this situation)... there is a specific type of security feature that newer SonicWalls employ: I think it's OS Enhanced 5.2 and greater...

Here is how it works:

1. Your WAN interface is set up as an IP range of 24.24.24.123 up to 24.24.24.129 / 29 (or so);
this is plugged into your router's "WAN" port - from your SonicWall's WAN port.
2. Your ISP has a configuration set up (let's say on the Adtran bridge) that has a configuration for your IPs, right...

If the IP range or subnet is different on the (Adtran) vs. the (SonicWall) - then the SonicWall will drop ARP requests from the Adtran to the SonicWall - therefore dropping your connection.

But it always works if you reboot the SonicWall, for about 20 minutes.
0
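A consistency check for the kind of subnet disagreement discussed in this thread, as an added example that is not part of any post: it uses Python's `ipaddress` module to confirm that the ISP's block and the firewall's entry resolve to the same network, that the gateway is on-link, and that every address object is a usable host in the block. The function names and the second (wrong-mask) firewall entry are assumptions; the addresses are the thread's placeholder values.

```python
import ipaddress

def _usable(ip, net):
    """True if ip is a host address in net (not the network or broadcast address)."""
    return ip in net and ip not in (net.network_address, net.broadcast_address)

def check_handoff(isp_block, gateway, fw_side, address_objects):
    """Compare the ISP's definition of a routed block with the firewall's.

    isp_block       -- address/mask from the ISP handoff sheet
    gateway         -- gateway the ISP gave for that block
    fw_side         -- address/mask as entered on the firewall
    address_objects -- public IPs the firewall should answer for
    Returns a list of findings; an empty list means both sides agree.
    """
    findings = []
    isp_net = ipaddress.ip_network(isp_block, strict=False)
    fw_net = ipaddress.ip_interface(fw_side).network
    gw = ipaddress.ip_address(gateway)

    # Address + mask must resolve to the same network on both ends.
    if fw_net != isp_net:
        findings.append(f"prefix mismatch: ISP {isp_net} vs firewall {fw_net}")
    # The gateway must be a host address on the subnet the firewall believes in.
    if not _usable(gw, fw_net):
        findings.append(f"gateway {gw} is not a host in firewall subnet {fw_net}")
    for obj in address_objects:
        ip = ipaddress.ip_address(obj)
        if not _usable(ip, isp_net):
            findings.append(f"{ip} is not a usable host in {isp_net}")
        elif ip == gw:
            findings.append(f"{ip} collides with the gateway")
    return findings

# Constructed sample input using the thread's placeholder block (mask .240, gateway .17).
ISP_BLOCK = "154.79.154.17/255.255.255.240"
GATEWAY = "154.79.154.17"

if __name__ == "__main__":
    for fw_side in ("154.79.154.18/255.255.255.240", "154.79.154.18/255.255.255.248"):
        result = check_handoff(ISP_BLOCK, GATEWAY, fw_side, ["154.79.154.18", "154.79.154.30"])
        print(fw_side, "->", result or "consistent")
```

Running it against the values on the ISP's handoff sheet before a cutover catches a wrong mask or a wrong block before DNS and address objects are changed.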
 
LVL 33

Expert Comment

by:digitap
ID: 33451503
Yes... as I indicated here, http:#a33435051, their routers route to your SonicWall. They must not have had the routes set up properly. Glad it's working for you now.
0
 

Author Closing Comment

by:Mike000001
ID: 33474675
It's a difficult question with many factors. Thanks for the info about the SonicWall interfaces.
0
