Initial config of SonicWall router

Initial install of a SonicWall TZ200 router between our Windows Server 2003 LAN and the ISP's modem. Both the ISP and SW say that it should be easy, but I'm having a tough time setting up the WAN interface.

DHCP is done by our server (192.168.0.99). I'd like to set the TZ200 at a static IP of 192.168.0.98. The ISP modem has a public IP and is also the LAN's gateway at 192.168.0.1.

I've set the LAN interface at STATIC with the above info... no problem. But then, the WAN interface wants me to set an IP address. I've tried the 192.168.0.98/255.255.255.0, but it says that the "Subnet on this interface overlaps with another interface."

After conversations with the ISP, they're saying that we need to pay for an additional static public IP for the router. Or, that if I changed the modem to be the DHCP server that "should" work.

Big problem is that I have really limited opportunities to mess with this stuff on-site, so calling SonicWall tech support has been frustrating - it's hard to gauge when you'll get an actual tech on the phone - could be 5 minutes or 65 minutes.

Anyone have experience with this type of setup? Are these two options (additional static IP or change DHCP) the only ones I'm left with?

Thanks in advance!
0
Asked by: Rick Nicholson
 
digitap Commented:
You can have your SonicWall in two configurations. First, the way you have it now. Second, you put the ISP modem into transparent/bridge mode.

First option: You need to change the LAN IP of the ISP modem from 192.168.0.0/24 to something like 192.168.1.0/24. The reason you get an error when setting the IP of the WAN interface is the IP address of the WAN interface can't be on the same subnet as the LAN interface. The SonicWall routes between the WAN and LAN zones. It also NATs between the two. Changing the IP address on the ISP hardware and the WAN interface is the easiest option.

Second option: When you set the ISP modem in transparent mode, you put the WAN IP that the ISP modem has onto the WAN interface of the SonicWall. This option is a little harder to set as you have to reconfigure the ISP hardware, but troubleshooting is easier if there is a challenge with connectivity.

What hardware is the ISP's modem?

Also, by the way, your ISP doesn't know what they are talking about... you don't need a second public IP address.
0
 
Rick Nicholson (IT Manager, Author) Commented:
Hi digitap,

Thanks for the response! The ISP is saying that they're passing through all traffic unfiltered, but I know that they're at least doing some port forwarding for RDC to my server.

I'll follow up tomorrow by getting the hardware type of the modem. Also, the ISP has said that I can use X.X.X.17/255.255.255.252 for the router gateway (where the modem public IP is X.X.X.18) but that hasn't helped because I still don't have an IP for the router itself.

I appreciate your help,
Rick
0
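Added example (not part of the original thread, and not SonicWall code): a Python check of the addressing plans discussed above, showing why the WAN address was rejected, why renumbering the modem side clears the error, and how many hosts a 255.255.255.252 link holds. The WAN address 192.168.1.2 is an assumed value, and 203.0.113.16/30 (a documentation range) is a constructed stand-in for the masked X.X.X.16/30 block.

```python
import ipaddress

def find_overlaps(interfaces):
    """Return sorted pairs of interface names whose subnets overlap."""
    nets = {name: ipaddress.ip_interface(addr).network
            for name, addr in interfaces.items()}
    names = sorted(nets)
    return [(a, b)
            for i, a in enumerate(names)
            for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]

def free_hosts(addr, used):
    """List usable host addresses in addr's subnet that are not in `used`."""
    net = ipaddress.ip_interface(addr).network
    taken = {ipaddress.ip_address(u) for u in used}
    return [str(h) for h in net.hosts() if h not in taken]

# Plan as first attempted in the thread: LAN and WAN both in 192.168.0.0/24.
AS_ATTEMPTED = {
    "LAN": "192.168.0.98/255.255.255.0",
    "WAN": "192.168.0.98/255.255.255.0",
}

# First option from the answer: modem LAN side moved to 192.168.1.0/24.
# 192.168.1.2 is an assumed address for the firewall's WAN interface.
RENUMBERED = {
    "LAN": "192.168.0.98/24",
    "WAN": "192.168.1.2/24",
}

# Constructed stand-in for the ISP's X.X.X.17 / 255.255.255.252 link.
ISP_LINK = "203.0.113.17/255.255.255.252"
ISP_LINK_USED = ["203.0.113.17", "203.0.113.18"]

if __name__ == "__main__":
    print("attempted plan overlaps:", find_overlaps(AS_ATTEMPTED))
    print("renumbered plan overlaps:", find_overlaps(RENUMBERED))
    print("free hosts on ISP link:", free_hosts(ISP_LINK, ISP_LINK_USED))
```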
 
digitap Commented:
They are at least NAT'ing the traffic between the public interface and the private interface. ISPs aren't much help in these instances. They don't want you to do anything outside of the norm because they can't support it. Once you get the hardware config we'll get things squared away.
0
 
Rick Nicholson (IT Manager, Author) Commented:
digitap,

It's a Fortinet Fortigate 60 device.

Thanks!
0
 
digitap Commented:
Hmmm... Fortinet. Can you ask your ISP support if they can put their hardware into bridge mode? If they push back, let me know and we'll go from there.
0
 
Rick Nicholson (IT Manager, Author) Commented:
The one thing I don't want to do is interrupt their current connectivity... will putting it into bridge mode affect their current connection? Remember that there's at least one user who relies on an RDC for her job.
0
 
digitap Commented:
You'll have to make sure you plan this out correctly if you want to move the Fortinet into bridge mode.

What kind of connection is this, cable or dsl?
0
 
Rick Nicholson (IT Manager, Author) Commented:
It's a T-1 that's part of a voice/data package.
0
 
digitap Commented:
Besides the inherent firewall, do you use any of the other services on the SonicWall? The Fortinet is a true firewall. So, if you need the SonicWall for other features not offered by your Fortinet, then my idea is to configure the SonicWall in transparent mode. Read this and tell me what you think?

http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=3543
0
 
Rick Nicholson (IT Manager, Author) Commented:
SW Tech Support also suggested that (Transparent Mode), and that sounds okay... but the KB you referred me to also says that we need an IP in the same subnet as the WAN.

Sorry I didn't get back to you sooner - dealing with family health issues.

I'm going to follow up with ISP on Monday about the possibility of getting a 2nd public IP, but please let me know what else you're thinking.

Thanks!



0
 
digitap Commented:
Are you running the enhanced or standard OS on the TZ200? You don't need another public IP address. You can leave things as they are and configure the LAN subnet in transparent mode. What are you using for DHCP on your network, the SonicWall?
0
 
Rick Nicholson (IT Manager, Author) Commented:
Not sure about the OS version... where would I see that in MySonicWall?

We're using the server for DHCP.

0
 
digitap Commented:
You might be able to see that information under the My Products section, but you may have to log in to the SonicWall to get something definitive. When you log in, click System on the left, then Status. Look on the right to see whether it is standard or enhanced. You'll also find the firmware version.
0
 
Rick Nicholson (IT Manager, Author) Commented:
That'll have to be Tues. AM. I left the router onsite and can't get back there till Tues. (I work as a consultant with approx. 10 small/mid-sized nonprofit organizations outside of Philly.)

Thanks for sticking with me,
Rick
0
 
digitap Commented:
You bet...talk to you then.
0
 
Rick Nicholson (IT Manager, Author) Commented:
digitap,

Just retrieved the router from the client location - it is SonicOS Enhanced 5.3.0.0-16o

I'm also still pursuing the second IP address - just in case. I believe this can be done without it, but I've already set up 4 or 5 of these devices using the 2nd IP, and it was a snap...

Thanks!
0
 
digitap Commented:
I'd say go with what you know.  If a 2nd IP has worked in the past, then you should stick with that.  You have the enhanced OS so you're not limited to what you can do as with the standard OS.
0
 
Rick Nicholson (IT Manager, Author) Commented:
Ok... I'm supposed to hear back from the ISP within 48 hours as to whether they're willing to donate the 2nd IP (this is a small non-profit working with disabled kids).

If it's okay with you, I'll keep the question open in case they decline. If they do come through, I'll close it and give you the points.

Thanks for bearing with me. I'd love to go through the learning curve of figuring this out - I just don't want to do it at the client's expense/inconvenience.

Rick
0
 
digitap Commented:
I understand.  We have several non-profit clients and (regardless of the state of the economy) money is always tight.

I'll stand by.
0
 
Rick Nicholson (IT Manager, Author) Commented:
digitap,

Thanks so much for your time - I wish I had the time to have you work me through the config of this router without the second IP.

The ISP agreed to "donate" a block of 5 IPs to my client for a one-time charge of $18.50, so I'm going to go that route for now.

It was a pleasure working with you.

Best wishes,
Rick
0
 
digitap Commented:
Thanks Rick...no problem.  Thanks for the points and I'll be seeing you around.
0
