Solved

SonicWall firewall with Mixed NAT and Transparent Modes

Posted on 2010-09-16
Last Modified: 2013-11-16
I have always used SonicWall firewalls in NAT mode on the LAN interface. I now have some IP devices that the vendor says cannot use NAT in order to obtain a public IP address. These devices have to sit on my LAN interface, so I can't simply put them on the DMZ and use transparent mode. This firewall is primarily used as an ISP router with customers behind it. It works great for that, but having to assign public IPs to devices on the LAN interface has now caused a problem.

My question is if SonicWall enhanced or standard support this type of configuration and, if so, are there some examples anywhere on the Internet to show how to configure it? My other question is, would there be a better device suited for this type of application so I could pass public IPs through the same network where I have private IPs without using NAT? Thanks for any help.
Question by:KCody
8 Comments
 
LVL 1

Expert Comment

by:AlwaysOn_IT
The only way to do this would be to connect the private switch to the public network, and then assign both private and public IPs on the device in question, with its default gateway on the public network. This would allow it to communicate locally with the local PCs, and go straight out to the internet with its public IP. Not recommended for security reasons, but it would work. Whether or not the devices support 2 IPs is a whole different matter.

What type of devices are they that they need to be locally accessible and have a public IP?  Couldn't you use firewall rules to give whatever local device the access it needs to the DMZ to get to this device?
0
 
LVL 1

Expert Comment

by:AlwaysOn_IT
Also, FYI, you cannot use NAT with public IPs; NAT is what makes a private network private.
0
 

Author Comment

by:KCody
I don't have to be able to access them from the private network, only through the Internet. However, they have to be connected to the same switches as my private network devices in order to get back to my firewall (they are located several miles away via fiber). They would be statically assigned public IPs, but they cannot be NAT'd or they cannot communicate as needed. I have yet to actually test if they cannot work via NAT, but the vendor assures me they will not.

I understand what you are trying to say as far as NAT and public IPs but actually the way you worded it makes it sound like public addresses can't be NAT'd when they can be.  Public IPs coming from the WAN side can be NAT'd to a private IP on the LAN side.  I assume you realize this and just awkwardly worded your 2nd comment.
0
 
LVL 1

Accepted Solution

by:
AlwaysOn_IT earned 500 total points
Ahh, I see. You can take a cable from the DMZ and connect it to your local switches, configure transparent mode, then assign the public IPs to the devices. A public and a private scheme can both exist on the same switch; even though they will be physically connected, logically they will remain separate from each other and function as if they were on separate switches.

Disregard the 2nd comment, I thought you meant that you wanted to assign public IPs on the local side of a NAT.
0
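An address-plan check for the layout in the accepted answer, as an added example that is not part of the original thread: it flags hosts on the shared switches whose public IP falls outside the transparent range, whose gateway does not match their segment, or that carry addresses from both segments (the setup the first comment advises against). The subnets, transparent range, gateways and inventory are all constructed assumptions using documentation address ranges.

```python
import ipaddress

# Assumed address plan (constructed; not taken from the thread).
LAN_NET = ipaddress.ip_network("192.168.10.0/24")     # NAT'd LAN interface
LAN_GW = ipaddress.ip_address("192.168.10.1")
PUBLIC_NET = ipaddress.ip_network("203.0.113.0/28")   # routed public block
TRANSPARENT = (ipaddress.ip_address("203.0.113.4"),   # range assigned to the
               ipaddress.ip_address("203.0.113.9"))   # transparent-mode DMZ
PUBLIC_GW = ipaddress.ip_address("203.0.113.1")       # gateway for that range

# Constructed inventory of hosts plugged into the shared switches.
INVENTORY = [
    {"name": "office-pc", "ips": ["192.168.10.50"], "gw": "192.168.10.1"},
    {"name": "vendor-dev1", "ips": ["203.0.113.5"], "gw": "203.0.113.1"},
    {"name": "vendor-dev2", "ips": ["203.0.113.12"], "gw": "203.0.113.1"},
    {"name": "vendor-dev3", "ips": ["203.0.113.6"], "gw": "192.168.10.1"},
    {"name": "dual-homed", "ips": ["192.168.10.60", "203.0.113.7"],
     "gw": "203.0.113.1"},
]

def audit(inventory):
    """Return (host, finding) pairs for hosts that do not fit the plan."""
    findings = []
    for host in inventory:
        ips = [ipaddress.ip_address(a) for a in host["ips"]]
        gw = ipaddress.ip_address(host["gw"])
        private = [a for a in ips if a in LAN_NET]
        public = [a for a in ips if a in PUBLIC_NET]
        if private and public:
            # One host on both subnets is a path around the firewall.
            findings.append((host["name"], "addresses on both segments"))
        for a in public:
            if not TRANSPARENT[0] <= a <= TRANSPARENT[1]:
                findings.append((host["name"], f"{a} outside transparent range"))
        for a in ips:
            if a not in LAN_NET and a not in PUBLIC_NET:
                findings.append((host["name"], f"{a} not in any planned subnet"))
        # A host with a public address must exit through the public gateway.
        expected = PUBLIC_GW if public else LAN_GW
        if gw != expected:
            findings.append((host["name"], f"gateway {gw}, expected {expected}"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(INVENTORY):
        print(f"{name}: {finding}")
```

The check covers Layer 3 addressing only; without VLANs the two subnets share one broadcast domain on the switches.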
 
LVL 1

Expert Comment

by:AlwaysOn_IT
Here's a quick mspaint diagram of what I'm talking about:
privpub.png
0
 

Author Comment

by:KCody
I didn't even think about connecting both interfaces to the switch thus basically providing two gateways.  I think this will work for what I need to do, thanks!
0
 
LVL 1

Expert Comment

by:AlwaysOn_IT
Always glad to help :-) Did this get you what you needed?
0
 

Author Comment

by:KCody
Yes!
0
