Solved

SonicWall firewall with Mixed NAT and Transparent Modes

Posted on 2010-09-16
Last Modified: 2013-11-16
I have always used SonicWall firewalls in NAT mode on the LAN interface. I now have some IP devices that the vendor says cannot use NAT in order to obtain a public IP address. These devices have to sit on my LAN interface so I can't simply put them on the DMZ and use transparent mode. This firewall is primarily used as an ISP router with customers behind it. It works great for that but having to assign public IPs to devices on the LAN interface has now caused a problem.

My question is if SonicWall enhanced or standard support this type of configuration and if so are there some examples anywhere on the Internet to show how to configure it? My other question is, would there be a better device suited for this type of application so I could pass Public IPs through the same network where I have private IPs without using NAT? Thanks for any help.
Question by:KCody
8 Comments
 
LVL 1

Expert Comment

by:AlwaysOn_IT
ID: 33694954
The only way to do this would be to connect the private switch to the public network, and then assign both private and public IPs on the device in question, with its default gateway on the public network. This would allow it to communicate locally with the local PCs, and go straight out to the internet with its public IP. Not recommended for security reasons, but it would work. Whether or not the devices support 2 IPs is a whole different matter.

What type of devices are they that they need to be locally accessible and have a public IP?  Couldn't you use firewall rules to give whatever local device the access it needs to the DMZ to get to this device?
0
 
LVL 1

Expert Comment

by:AlwaysOn_IT
ID: 33694971
Also FYI, you cannot use NAT with public IPs, NAT is what makes a private network private.
0
 

Author Comment

by:KCody
ID: 33695109
I don't have to be able to access them from the private network, only through the Internet. However, they have to be connected to the same switches as my private network devices in order to get back to my firewall (they are located several miles away via fiber). They would be statically assigned public IPs but they cannot be NAT'd or they cannot communicate as needed. I have yet to actually test if they cannot work via NAT but the vendor assures me they will not.

I understand what you are trying to say as far as NAT and public IPs but actually the way you worded it makes it sound like public addresses can't be NAT'd when they can be.  Public IPs coming from the WAN side can be NAT'd to a private IP on the LAN side.  I assume you realize this and just awkwardly worded your 2nd comment.
0
 
LVL 1

Accepted Solution

by:
AlwaysOn_IT earned 500 total points
ID: 33695262
Ahh I see. You can take a cable from the DMZ, and connect it to your local switches, configure transparent mode, then assign the public IPs to the devices. A public and private scheme can both exist on the same switch, even though they will be physically connected, logically they will remain separate from each other and function as if they were on separate switches.

Disregard the 2nd comment, I thought you meant that you wanted to assign public IPs on the local side of a NAT.
0
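
With the public and private ranges sharing one switch as in the accepted answer, the separation is by addressing only, so a host holding an address in each range (the arrangement the first reply calls not recommended for security reasons) sits in both zones at once. The following is an added example, not code from the thread: it audits a neighbour table taken from a Linux host on that switch for such dual-homed MACs. The subnets, the `ip neigh show` sample lines and the function names are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed addressing plan (documentation ranges), not from the thread.
PRIVATE_NET = ipaddress.ip_network("192.168.1.0/24")  # NAT'd LAN range
PUBLIC_NET = ipaddress.ip_network("203.0.113.0/28")   # transparent-mode range

# Constructed neighbour-table snapshot in `ip neigh show` format.
SAMPLE_NEIGH = """\
192.168.1.10 dev eth0 lladdr 00:11:22:33:44:10 REACHABLE
192.168.1.11 dev eth0 lladdr 00:11:22:33:44:11 STALE
203.0.113.5 dev eth0 lladdr 00:11:22:33:44:50 REACHABLE
203.0.113.6 dev eth0 lladdr 00:11:22:33:44:11 REACHABLE
203.0.113.7 dev eth0  FAILED
10.9.9.9 dev eth0 lladdr 00:11:22:33:44:99 REACHABLE
"""


def parse_neigh(text):
    """Yield (ip, mac) for entries that carry a link-layer address."""
    for line in text.splitlines():
        fields = line.split()
        if "lladdr" not in fields:
            continue  # FAILED/INCOMPLETE entries have no MAC to attribute
        mac = fields[fields.index("lladdr") + 1].lower()
        yield ipaddress.ip_address(fields[0]), mac


def audit(text, allowed_macs=frozenset()):
    """Return (dual_homed, strays).

    dual_homed: MACs answering for both a private and a public address.
    strays: (ip, mac) pairs that belong to neither planned range.
    allowed_macs: MACs expected in both ranges (e.g. the firewall itself).
    """
    seen = defaultdict(lambda: {"private": set(), "public": set()})
    strays = []
    for ip, mac in parse_neigh(text):
        if ip in PRIVATE_NET:
            seen[mac]["private"].add(str(ip))
        elif ip in PUBLIC_NET:
            seen[mac]["public"].add(str(ip))
        else:
            strays.append((str(ip), mac))
    dual_homed = {
        mac: {zone: sorted(ips) for zone, ips in zones.items()}
        for mac, zones in seen.items()
        if zones["private"] and zones["public"] and mac not in allowed_macs
    }
    return dual_homed, strays
```

A neighbour table only lists hosts the auditing machine has exchanged traffic with, so run it after sweeping both ranges or against an export from the switch or firewall.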
 
LVL 1

Expert Comment

by:AlwaysOn_IT
ID: 33695383
Here's a quick mspaint diagram of what I'm talking about
privpub.png
0
 

Author Comment

by:KCody
ID: 33703804
I didn't even think about connecting both interfaces to the switch thus basically providing two gateways.  I think this will work for what I need to do, thanks!
0
 
LVL 1

Expert Comment

by:AlwaysOn_IT
ID: 33735731
Always glad to help :-) did this get you what you needed?
0
 

Author Comment

by:KCody
ID: 33735758
Yes!
0
