SonicWall firewall with Mixed NAT and Transparent Modes

I have always used SonicWall firewalls in NAT mode on the LAN interface. I now have some IP devices that the vendor says cannot use NAT in order to obtain a public IP address. These devices have to sit on my LAN interface so I can't simply put them on the DMZ and use transparent mode. This firewall is primarily used as an ISP router with customers behind it. It works great for that, but having to assign public IPs to devices on the LAN interface has now caused a problem.

My question is whether SonicWall Enhanced or Standard supports this type of configuration and, if so, are there some examples anywhere on the Internet to show how to configure it? My other question is, would there be a better device suited for this type of application so I could pass public IPs through the same network where I have private IPs without using NAT? Thanks for any help.
KCody Asked:
 
AlwaysOn_IT Commented:
Ahh, I see. You can take a cable from the DMZ and connect it to your local switches, configure transparent mode, then assign the public IPs to the devices. A public and private scheme can both exist on the same switch; even though they will be physically connected, logically they will remain separate from each other and function as if they were on separate switches.

Disregard the 2nd comment, I thought you meant that you wanted to assign public IPs on the local side of a NAT.
0
 
AlwaysOn_IT Commented:
The only way to do this would be to connect the private switch to the public network, and then assign both private and public IPs on the device in question, with its default gateway on the public network. This would allow it to communicate locally with the local PCs, and go straight out to the internet with its public IP. Not recommended for security reasons, but it would work. Whether or not the devices support 2 IPs is a whole different matter.

What type of devices are they that they need to be locally accessible and have a public IP?  Couldn't you use firewall rules to give whatever local device the access it needs to the DMZ to get to this device?
0
 
AlwaysOn_IT Commented:
Also FYI, you cannot use NAT with public IPs, NAT is what makes a private network private.
0
 
KCody (Author) Commented:
I don't have to be able to access them from the private network, only through the Internet. However, they have to be connected to the same switches as my private network devices in order to get back to my firewall (they are located several miles away via fiber). They would be statically assigned public IPs, but they cannot be NAT'd or they cannot communicate as needed. I have yet to actually test if they cannot work via NAT, but the vendor assures me they will not.

I understand what you are trying to say as far as NAT and public IPs but actually the way you worded it makes it sound like public addresses can't be NAT'd when they can be.  Public IPs coming from the WAN side can be NAT'd to a private IP on the LAN side.  I assume you realize this and just awkwardly worded your 2nd comment.
0
 
AlwaysOn_IT Commented:
Here's a quick mspaint diagram of what I'm talking about:
privpub.png
0
 
KCody (Author) Commented:
I didn't even think about connecting both interfaces to the switch thus basically providing two gateways.  I think this will work for what I need to do, thanks!
0
 
AlwaysOn_IT Commented:
Always glad to help :-) Did this get you what you needed?
0
 
KCody (Author) Commented:
Yes!
0