Solved

Sonicwall TZ100W in Multitenant setup

Posted on 2011-02-10
Medium Priority
1,238 Views
Last Modified: 2012-05-11
I have a Sonicwall TZ100W that I am using to share an Internet connection with another office.  The ISP provides quasi static IP addresses (technically long lease DHCP addresses), so I have had to use two ports to get two WAN IP addresses, as both I and they have Small Business Servers.  I have been able to get the inbound services working, so my email comes to me and theirs to them, but to be able to do this I had to enable load balancing.  This means that both internal networks are sharing both external interfaces, but I would like to limit my computers to use one of the external IP addresses and the other network to use the other external IP address.  Is this possible?
Question by:SterlingMcClung
13 Comments
 
LVL 33

Expert Comment

by:digitap
ID: 34873294
does the other office care to use your sonicwall or would they mind using a different firewall?  also, to clarify, you do have more than one public IP address?

if yes to both, then you can do this two ways.  you could put one of the interfaces on the sonicwall in transparent mode and let a linksys (or whatever) get one of the public IP addresses and your sonicwall to get one of the public IP addresses.

OR

install a switch and connect the linksys (or whatever), sonicwall and internet router to it.  give your sonicwall a public IP address and the linksys a public IP address.


thoughts?
0
 
LVL 6

Accepted Solution

by:
Cas Krist earned 2000 total points
ID: 34874686
I think it can be done with sonicos enhanced with route policies. You can force traffic coming from a specified lan subnet to go out through the "secondary default gateway" for example. It is worth a shot.
0
 
LVL 7

Author Comment

by:SterlingMcClung
ID: 34875738
caskrist - that is exactly what I needed to do.  I had been trying to do this with the NAT policies, and it just was not working.  I created a route from my network to anywhere through my external address with a lower metric than the other rules, and now my network is only using that address.  I will create the route for the other office after hours just to make sure I don't interrupt them.  I will wait until it succeeds before I assign points.

0

 
LVL 33

Expert Comment

by:digitap
ID: 34875923
any feedback for my post?
0
 
LVL 7

Author Comment

by:SterlingMcClung
ID: 34876141
The other office wants to use the security features of the sonicwall and yes I have more than one public IP address.  If I understand your solutions, they both mean that the other office does not get to take advantage of the sonicwall, which is not what I wanted.
0
 
LVL 33

Expert Comment

by:digitap
ID: 34876752
one step at a time.  i just needed more clarification on the hardware layout potentials.

as long as you have more than one public IP bound to your WAN interface you can have two exchange servers on your private network.  i would put the other office on say, 192.168.1.0/24 on X3 and your office say, 192.168.2.0/24 on X0.  their switch goes to the X3 interface and your switch goes to the X0 interface.  run your public server wizard for exchange services and point each public IP to their respective private IP servers.  both subnets get the benefit of using the sonicwall.

then, go into your firewall rules and deny x3 <> x0.
0
 
LVL 6

Expert Comment

by:Cas Krist
ID: 34877338
It is not only about inbound traffic, but also for outbound traffic. Office 1 uses IP X.X.X.X for inbound and outbound traffic and Office 2 uses IP Y.Y.Y.Y for inbound and outbound traffic.
0
 
LVL 7

Author Comment

by:SterlingMcClung
ID: 34879863
Caskrist is correct.  I already had the inbound services working properly, and if you notice in the original post, I mentioned that I had to DHCP the IP addresses, which means I can have the two external addresses on the same interface.  Here is the setup: (IPs changed)

X1 - 4.2.2.1
X2 - 192.168.50.2 - connected to another router that has 4.2.2.2
X3 - 192.168.5.1
X4 - 192.168.10.1

Because I now had two WAN interfaces I had to enable load balancing.  Load balancing made it so that when I connected to websites from my network, sometimes I would use the 4.2.2.1 address instead of being constrained to the 4.2.2.2 address.

digitap, your solution is exactly what I would have done if I had real static IP addresses.  However, the load balancing, which was required due to the two WAN interfaces, caused the problems that I needed help with.
0
 
LVL 33

Expert Comment

by:digitap
ID: 34880330
address objects can contain urls.  since you don't have static ip addresses, sign up for dyndns and use the url for your address object.  thoughts?
0
 
LVL 33

Expert Comment

by:digitap
ID: 34880647
i'm still not sure on what your final solution was.  also, you didn't provide any network specifics until the very last post.  also, your lack of response to expert comments is quite frustrating.  good luck!
0
 
LVL 6

Expert Comment

by:Cas Krist
ID: 34881720
Thanks for the points.
0
 
LVL 7

Author Comment

by:SterlingMcClung
ID: 34885748
I didn't provide network specifics at first, but I was willing to give them upon request.  I did not respond to you at first, because caskrist's first response provided the solution to the problem.  The solution to the problem as caskrist suggested was to use a custom route, with a lower metric than the default routes, that directs the outbound traffic to the desired interface and external IP address based on the internal network it was coming from.  I realize that I did not provide complete details, but even after providing complete details, you gave suggestions that were completely off base to the stated problem.  I stated in the original post that my inbound services were working.  Why would I need dyndns addresses if my inbound services were working?  Why would I need dyndns addresses at all?  I have "static" IP addresses in the fact that they do not change but due to the security policies of my ISP, they make me DHCP the addresses.  They even allow me to customize the reverse lookup names for my "static" IP addresses.  Not sure why you are so upset that after I received the answer to my question, I told the expert that he gave me the answer I was looking for and did not respond to someone that did not provide any additional insight to my problem.  I was nice enough to give you information after having said that I would give the points to someone else, and you still did not provide anything new.  And I don't think that it is my responsibility as the person posing the question to make sure that the expert with over a million points understands what I needed to do to solve my problem.
0
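The source-based route fix described in this thread, as an added example that is not part of the original posts and is not SonicOS code: a simplified Python model in which the matching route with the lowest metric wins and equal-metric routes are load balanced, used to audit that each tenant subnet leaves through exactly one WAN interface. The /24 masks, the metric values, the probe destination and the mapping of the 192.168.5.0 network to X2 and the 192.168.10.0 network to X1 are assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class RoutePolicy:
    source: str       # source network; 0.0.0.0/0 means "any"
    destination: str  # destination network
    interface: str    # egress WAN interface
    metric: int       # lower wins in this simplified model

def egress_interfaces(policies, src_ip, dst_ip):
    """Interfaces a flow may leave by: every matching route tied at the lowest metric."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    matches = [p for p in policies
               if src in ipaddress.ip_network(p.source)
               and dst in ipaddress.ip_network(p.destination)]
    if not matches:
        return set()
    best = min(p.metric for p in matches)
    return {p.interface for p in matches if p.metric == best}

def audit(policies, tenants, probe_dst="198.51.100.10"):
    """Return (subnet, expected_wan, actual_wans) for tenants not pinned to one WAN."""
    findings = []
    for subnet, wan in tenants.items():
        host = str(next(iter(ipaddress.ip_network(subnet).hosts())))
        used = egress_interfaces(policies, host, probe_dst)
        if used != {wan}:
            findings.append((subnet, wan, sorted(used)))
    return findings

# Constructed sample data: two equal-metric defaults stand in for WAN load balancing.
DEFAULTS = [
    RoutePolicy("0.0.0.0/0", "0.0.0.0/0", "X1", 20),
    RoutePolicy("0.0.0.0/0", "0.0.0.0/0", "X2", 20),
]
# Source-specific routes with a lower metric than the defaults (assumed mapping).
PINNED = DEFAULTS + [
    RoutePolicy("192.168.5.0/24", "0.0.0.0/0", "X2", 5),
    RoutePolicy("192.168.10.0/24", "0.0.0.0/0", "X1", 5),
]
TENANTS = {"192.168.5.0/24": "X2", "192.168.10.0/24": "X1"}

if __name__ == "__main__":
    print("load balancing only:", audit(DEFAULTS, TENANTS))
    print("with source routes: ", audit(PINNED, TENANTS))
```

A source route whose metric is not lower than the defaults shows up as a finding, which is the misconfiguration to look for when one office's traffic still appears from the other office's address.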
 
LVL 33

Expert Comment

by:digitap
ID: 34887647
here, http:#a34873294, i ask several questions.  you never respond to those questions until i inquire about my post here, http:#a34875923.  i understand that you were on DHCP, but you also mention static.  it was just confusing and, as such, i offer solutions for someone who's on DHCP.  my point here was etiquette.  experts take their time to offer you solutions and ignoring them is rude.

i don't care about the points...it's not EVEN part of this equation.  as i read through here, you don't outline what you did to resolve the problem.  it appears that caskrist, although his suggestions were right on, provided you bits of information and you figured it out on your own without fleshing it out here.  the whole point being problem/resolution.  someone looking for a resolution with the same problem as yours needs to find out HOW to fix it.  this is never explained fully here.  your last post explains it and puts it all together.  perhaps i'm just a moron, but, as you said, someone with over 1 million points MUST know what he's talking about.

sorry to junk up your question with the drama.  certainly, there must have been a better way to approach this and i apologize for that.
0


Question has a verified solution.
