Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

SonicWall firewall with Mixed NAT and Transparent Modes

Posted on 2010-09-16
8
Medium Priority
?
1,186 Views
Last Modified: 2013-11-16
I have always Sonicwall firewalls in NAT mode on the LAN interface. I now have some IP devices that the vendor says cannot use NAT in order to obtain a public IP address.  These devices have to sit on my LAN interface so I can't simply put them on the DMZ and use transparent mode.  This firewall is primarily used as an ISP router with customers behind it.  It works great for that but having to assign public IPs to devices on the LAN interface has now caused a problem.  

My question is if SonicWall enhanced or standard support this type of configuration and if so are there some examples anywhere on the Internet to show how to configure it?  My other question is, would there be a better device suited for this type of application so i could pass Public IPs through the same network where I have private IPs without using NAT?  Thanks for any help.
0
Comment
Question by:KCody
  • 5
  • 3
8 Comments
 
LVL 1

Expert Comment

by:AlwaysOn_IT
ID: 33694954
The only way to do this would be to connect the private switch to the public network, and then assign both private and public IPs on the device in question, with it's default gateway on the public network.  This would allow it to communicate locally with the local PCs, and go straight out to the internet with it's public IP.  Not recommended for security reasons, but it would work.  Whether or not the devices support 2 IPs is a whole different matter.

What type of devices are they that they need to be locally accessible and have a public IP?  Couldn't you use firewall rules to give whatever local device the access it needs to the DMZ to get to this device?
0
 
LVL 1

Expert Comment

by:AlwaysOn_IT
ID: 33694971
Also FYI, you cannot use NAT with public IPs, NAT is what makes a private network private.
0
 

Author Comment

by:KCody
ID: 33695109
I don't have to be able to access them from the private network, only through the Internet.  However, they have to be connected to the same switches as my private network devices in order to get back to my  firewall (they are located several miles away via fiber.  They would be statically assigned public IPs but they cannot be NAT'd or they cannot communicate as needed. I have yet to actually test if they cannot work via NAT but the vendor assures me they will not.    

I understand what you are trying to say as far as NAT and public IPs but actually the way you worded it makes it sound like public addresses can't be NAT'd when they can be.  Public IPs coming from the WAN side can be NAT'd to a private IP on the LAN side.  I assume you realize this and just awkwardly worded your 2nd comment.
0
Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

 
LVL 1

Accepted Solution

by:
AlwaysOn_IT earned 2000 total points
ID: 33695262
Ahh I see.  You can take a cable from the DMZ, and connect it to your local switches, configure transparent mode, then assign the public IPs to the devices.    A public and private scheme can both exist on the same switch, even though they will be physically connected, logically they will remain seperate from eachother and function as if they were on seperate switches.

Disregard the 2nd comment, I thought you meant that you wanted to assign public IPs on the local side of a NAT.
0
 
LVL 1

Expert Comment

by:AlwaysOn_IT
ID: 33695383
Here's a quick mspaint diagram of what i'm talking about
privpub.png
0
 

Author Comment

by:KCody
ID: 33703804
I didn't even think about connecting both interfaces to the switch thus basically providing two gateways.  I think this will work for what I need to do, thanks!
0
 
LVL 1

Expert Comment

by:AlwaysOn_IT
ID: 33735731
Always glad to help :-) did this get you what you needed?
0
 

Author Comment

by:KCody
ID: 33735758
Yes!
0

Featured Post

Ready for your healthcare security check-up?

In the past few years, healthcare organizations have become a prime target for advanced attacks. Does your organization have what it needs to defend itself? Schedule your healthcare security check-up today and download our free Healthcare Security Resource Kit today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

926 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question