Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1287
  • Last Modified:

Sonicwall TZ100W in Multitenant setup

I have a Sonicwall TZ100W that I am using to share an Internet with another office.  The ISP provides quasi static IP addresses(technically long lease DHCP addresses), so I have had to use two ports to get two WAN IP addresses, as both I and they have Small Business Servers.  I have been able to get the inbound services working, so my email comes to me and thiers to them, but to be able to do this I had to enable load balancing.  This means that both internal networks are sharing both external interfaces, but I would like to limit my computers to use one of the external IP addresses and the other network to use the other external IP address.  Is this possible?
0
SterlingMcClung
Asked:
SterlingMcClung
  • 6
  • 4
  • 3
1 Solution
 
digitapCommented:
does the other office care to use your sonicwall or would they mind using a different firewall?  also, to clarify, you do have more than one public IP address?

if yes to both, then you can do this two ways.  you could put one of the interfaces on the sonicwall in transparent mode and let a linksys (or whatever) get one of the public IP addresses and your sonicwall to get one of the public IP addresses.

OR

install a switch and connect the linksys (or whatever), sonicwall and internet router to it.  give your sonicwall a public IP address and the linksys a public IP address.


thoughts?
0
 
Cas KristCommented:
I think it can be done with sonicos enhanced with route policies. You can force traffic coming from a specified lan subnet to go out through the "secondary default gateway" for example. It is worth a shot.
0
 
SterlingMcClungAuthor Commented:
caskrist - that is exactly what I needed to do.  I had been trying to do this with the NAT policies, and it just was not working.  I created a route from my network to anywhere through my external address with a lower metric than the other rules, and now my network is only using that address.  I will create the route for the other office after hours just to make sure I don't interupt them.  I will wait until it succeeds before I assign points.

0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
digitapCommented:
any feedback for my post?
0
 
SterlingMcClungAuthor Commented:
The other office wants to use the security features of the sonicwall and yes I have more than one public IP address.  If I understand your solutions, they both mean that the other office does not get to take advantage of the sonicwall, which is not what I wanted.
0
 
digitapCommented:
one step at a time.  i just needed more clarification on the hardware layout potentials.

as long as you have more than one public IP bound to your WAN interface you can have two exchange servers on your private network.  i would put the other office on say, 192.168.1.0/24 on X3 and your office say, 192.168.2.0/24 on X0.  their switch goes to the X3 interface and your switch goes to the X0 interface.  run your public server wizard for exchange services and point each public IP to their respective private IP servers.  both subnets get the benefit of using the sonicwall.

then, go into your firewall rules and deny x3 <> x0.
0
 
Cas KristCommented:
It is not only about inbound traffic, but also for outbound traffic. Office 1 uses IP X.X.X.X for inbound and outbound traffic and Office 2 uses IP Y.Y.Y.Y for inbound and outbound traffic.
0
 
SterlingMcClungAuthor Commented:
Caskrist is correct.  I already had the inbound services working properly, and if you notice in the original post, I mentioned that I had to DHCP the IP addresses, which means I can have the two external addresses on the same interface.  Here is the setup: (IPs changed)

X1 - 4.2.2.1
X2 - 192.168.50.2 - connected to another router that has 4.2.2.2
X3 - 192.168.5.1
X4 - 192.168.10.1

Because I now had two WAN interfaces I had to enable load balancing.  Load balancing made it so that when I connected to websites from my network, sometimes I would use the 4.2.2.1 address instead of being contrained to the 4.2.2.2 address.

digitap, your solution is exactly what I would have done if I had real static IP addresses.  However, the load balancing, which was required due to the two WAN interfaces, caused the problems that I needed help with.
0
 
digitapCommented:
address objects can contain urls.  since you don't have static ip addresses, sign up for dyndns and use the url for your address object.  thoughts?
0
 
digitapCommented:
i'm still not sure on what your final solution was.  also, you didn't provide any network specifics until the very last post.  als, your lack of response to expert comments is quite frustrating.  good luck!
0
 
Cas KristCommented:
Thanks for the points.
0
 
SterlingMcClungAuthor Commented:
I didn't provide network specifics at first, but I was will to give them upon request.  I did not respond to you at first, because caskrist's first response provided the solution to the problem.  The solution to the problem as caskrist suggested was to use a custom route, with a lower metric than the default routes, that directs the outbound traffic to the desired interface and external IP address based on the internal network it was coming from.  I realize that I did not provide complete details, but even after providing complete details, you gave suggestions that were completly off base to the stated problem.  I stated in the original post that my inbound services were working.  Why would I need dyndns addresses if my inbound services were working?  Why would I need dyndns addresses at all?  I have "static" IP addresses in the fact that they do not change but due to the security policies of my ISP, they make me DHCP the addresses.  The even allow me to customize the reverse lookup names for my "static" IP addresses.  Not sure why you are so upset that after I recieved the answer to my question, I told the expert that he gave me the answer I was looking for and did not respond to someone that did not provide any additional insight to my problem.  I was nice enough to give you information after having said that I would give the points to someone else, and you still did not provide anything new.  And I don't think that it is my responsibility as the person posing the question to make sure that the expert with over a million points understands what I needed to do to solve my problem.
0
 
digitapCommented:
here, http:#a34873294, i ask several questions.  you never respond to those questions until i inquire about my post here, http:#a34875923.  i understand that you were on DHCP, but you also mention static.  it was just confusing and, as such, i offer solutions for someone who's on DHCP.  my point here was etiquette.  experts take their time to offer you solutions and ignoring them is rude.

i don't care about the points...it's not EVEN part of this equation.  as i read through here, you don't outline what you did to resolve the problem.  it appears that caskrist, although his suggestions were right on, provided you bits of information and you figured it out on your own without fleshing it out here.  the whole point being problem/resolution.  someone looking for a resolution with the same problem as yours needs to find out HOW to fix it.  this is never explained fully here.  your last post explains it and puts it all together.  perhaps i'm just a moron, but, as you said, someone with over 1 million points MUST know what he's talking about.

sorry to junk up your question with the drama.  certainly, there must have been a better way to approach this and i apologize for that.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

What Kind of Coding Program is Right for You?

There are many ways to learn to code these days. From coding bootcamps like Flatiron School to online courses to totally free beginner resources. The best way to learn to code depends on many factors, but the most important one is you. See what course is best for you.

  • 6
  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now