Solved

SonicWall firewall with Mixed NAT and Transparent Modes

Posted on 2010-09-16
Last Modified: 2013-11-16
I have always used SonicWall firewalls in NAT mode on the LAN interface. I now have some IP devices that the vendor says cannot use NAT in order to obtain a public IP address. These devices have to sit on my LAN interface so I can't simply put them on the DMZ and use transparent mode. This firewall is primarily used as an ISP router with customers behind it. It works great for that but having to assign public IPs to devices on the LAN interface has now caused a problem.

My question is if SonicWall enhanced or standard support this type of configuration and if so are there some examples anywhere on the Internet to show how to configure it? My other question is, would there be a better device suited for this type of application so I could pass public IPs through the same network where I have private IPs without using NAT? Thanks for any help.
Question by:KCody
LVL 1

Expert Comment

by:AlwaysOn_IT
ID: 33694954
The only way to do this would be to connect the private switch to the public network, and then assign both private and public IPs on the device in question, with its default gateway on the public network. This would allow it to communicate locally with the local PCs, and go straight out to the internet with its public IP. Not recommended for security reasons, but it would work. Whether or not the devices support 2 IPs is a whole different matter.

What type of devices are they that they need to be locally accessible and have a public IP?  Couldn't you use firewall rules to give whatever local device the access it needs to the DMZ to get to this device?
0
 
LVL 1

Expert Comment

by:AlwaysOn_IT
ID: 33694971
Also FYI, you cannot use NAT with public IPs, NAT is what makes a private network private.
0
 

Author Comment

by:KCody
ID: 33695109
I don't have to be able to access them from the private network, only through the Internet. However, they have to be connected to the same switches as my private network devices in order to get back to my firewall (they are located several miles away via fiber). They would be statically assigned public IPs but they cannot be NAT'd or they cannot communicate as needed. I have yet to actually test if they cannot work via NAT but the vendor assures me they will not.

I understand what you are trying to say as far as NAT and public IPs but actually the way you worded it makes it sound like public addresses can't be NAT'd when they can be.  Public IPs coming from the WAN side can be NAT'd to a private IP on the LAN side.  I assume you realize this and just awkwardly worded your 2nd comment.
0
 
LVL 1

Accepted Solution

by:
AlwaysOn_IT earned 500 total points
ID: 33695262
Ahh I see. You can take a cable from the DMZ, and connect it to your local switches, configure transparent mode, then assign the public IPs to the devices. A public and private scheme can both exist on the same switch; even though they will be physically connected, logically they will remain separate from each other and function as if they were on separate switches.

Disregard the 2nd comment, I thought you meant that you wanted to assign public IPs on the local side of a NAT.
0
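Added example, not part of the original thread: when the public and private schemes share one switch and no VLANs separate them, the split exists only at layer 3, so any host on the segment can configure an address from the other range. The Python sketch below audits (MAC, IP) pairs from an ARP table for that condition; the subnets, the approved-device inventory and the sample entries are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed addressing (constructed): RFC 1918 range behind NAT on the LAN
# interface, RFC 5737 documentation range standing in for the public block
# passed through the transparent-mode DMZ interface.
PRIVATE_NET = ipaddress.ip_network("192.168.1.0/24")
PUBLIC_NET = ipaddress.ip_network("203.0.113.0/28")

# MACs of the vendor devices allowed to hold public addresses (hypothetical).
APPROVED_PUBLIC_MACS = {"00:11:22:aa:00:01", "00:11:22:aa:00:02"}

# Constructed sample: (MAC, IP) pairs as read from a switch or firewall ARP table.
SAMPLE_ARP = [
    ("00:11:22:aa:00:01", "203.0.113.2"),
    ("00:11:22:aa:00:02", "203.0.113.3"),
    ("00:11:22:bb:00:10", "192.168.1.20"),
    ("00:11:22:bb:00:11", "192.168.1.21"),
    ("00:11:22:bb:00:11", "203.0.113.9"),   # LAN PC that also took a public IP
    ("00:11:22:cc:00:99", "203.0.113.5"),   # unknown device on the public range
    ("00:11:22:cc:00:98", "10.9.9.9"),      # address from neither scheme
]

def audit_shared_segment(arp_entries):
    """Return (mac, ip, reason) findings for hosts that cross the two schemes."""
    zones_by_mac = defaultdict(set)
    findings = []
    for mac, ip_text in arp_entries:
        mac = mac.lower()
        ip = ipaddress.ip_address(ip_text)
        if ip in PUBLIC_NET:
            zones_by_mac[mac].add("public")
            if mac not in APPROVED_PUBLIC_MACS:
                findings.append((mac, ip_text, "unapproved-public-ip"))
        elif ip in PRIVATE_NET:
            zones_by_mac[mac].add("private")
        else:
            findings.append((mac, ip_text, "outside-both-ranges"))
    # A MAC seen in both ranges can reach the Internet around the NAT policy.
    for mac, zones in sorted(zones_by_mac.items()):
        if zones == {"public", "private"}:
            findings.append((mac, "", "dual-homed"))
    return findings

if __name__ == "__main__":
    for finding in audit_shared_segment(SAMPLE_ARP):
        print(finding)
```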
LVL 1

Expert Comment

by:AlwaysOn_IT
ID: 33695383
Here's a quick mspaint diagram of what I'm talking about:
privpub.png
0
 

Author Comment

by:KCody
ID: 33703804
I didn't even think about connecting both interfaces to the switch thus basically providing two gateways.  I think this will work for what I need to do, thanks!
0
 
LVL 1

Expert Comment

by:AlwaysOn_IT
ID: 33735731
Always glad to help :-) did this get you what you needed?
0
 

Author Comment

by:KCody
ID: 33735758
Yes!
0
