How to configure SonicWall TZ210W to use the extra WAN IP range?

Ravakl
I have a SonicWall TZ210W firewall (FW 5.8.0.3). This TZ210W is connected to an ADSL2+ Draytek router in bridge mode to the ISP. I have ADSL2+ with a static IP. This IP is assigned to the WAN port of the TZ210W.
I have paid for four extra WAN addresses. Two of these addresses I can use.
My question is:
I want to use these two extra IPs to access my web server or another server inside my network. Is it possible with the TZ210W? How can I configure the SonicWall TZ210W?
Syed_M_UsmanSystem Administrator
Top Expert 2011
Commented:
Dear, it's possible and you have two options:

Scenario A: Recommended
Scenario B: Not Recommended


Scenario A: The scenario will be similar to this:
You will request your ISP to assign a static public IP address on your ADSL and provide one pool of /30 subnet for your internal network or extra.
You will configure your router using the ADSL settings, and afterwards you will configure a /29 subnet on your router LAN, i.e.
Global-----ISP----ADSL (Router WAN  81.x.x.35, LAN 81.x.15.12/30)----SNA (TZ-210W) WAN 81.x.15.13/30
For your host, you will assign 81.x.15.14/30; below will be your firewall configuration:
Go to SonicWall---->Network>Interface (free port)--->Configure---->DMZ----Layer2Bridge----Interface X1-----ok
Connect your host @ DMZ; host IP 81.x.15.14/29, GW 81.x.15.12
---------------------------------------------------------------------------------------------------
Scenario B: The scenario will be similar to this (two IPs, 81.x.x.35-36):

Global-----ISP----ADSL (Modem/Router acting as bridge)----SNA (TZ-210W) WAN 81.x.x.35
and you want 81.x.x.36 on the remote host.
Go to SonicWall---->Network>Interface (free port)--->Configure---->DMZ----Static----(Fake IP-81.x.x.34/29)-----ok
Connect your host; host IP 81.x.x.36/29, GW 81.x.x.34

NOTE: This is not the recommended way; your host will be able to browse the internet, but external users/clients may find difficulty.
Syed_M_UsmanSystem Administrator
Top Expert 2011

Commented:
By the way, if you want to access the web server from global, you don't require an extra public IP (unless special reasons); you can have one IP on your SNA WAN (X1) interface and simply use the wizard to park the web server (like Exchange emails or OWA access from outside-inside).
1) Thanks, I will try it.

2) I know it, but the problem is when you have more than one server on the same port, for example port 443 for OWA and for the SonicWall SSL VPN.

Syed_M_UsmanSystem Administrator
Top Expert 2011

Commented:
u r welcome
Syed_M_UsmanSystem Administrator
Top Expert 2011

Commented:
any luck???
I've contacted SonicWall support and they have the following solution:
--------------------------------------------------------------------------------
You need to create a One-to-One NAT in the SonicWall TZ210 to use the extra IPs; please refer to the provided KB article from the previous engineer, i.e. KBID: 7484, to configure the TZ210. An example is given step by step:

Example : I want to access Remote desktop of Local Server(192.168.1.2) from outside Public IP(79.132.x.196)

Step 1 : Create 2 Address Objects :- Go to Network > Address objects > Add

First Address object :-
Name : Server1
Zone : LAN
Type : Host
IP : 192.168.1.2

Second Address object :-
Name : Server1 Public IP(79.132.x.196)
Zone : WAN
Type : Host
IP : 79.132.x.196

Step 2 : Create NAT policy :- go to Network > NAT Policies > Add

Original Source : Any
Translated Source : Original
Original Destination : Server1 Public IP(79.132.x.196)
Translated Destination : Server1(192.168.1.2)
Original Service : Terminal Services(3389 for RDP)
Translated Service : Original
Inbound Interface : Any or X1
Outbound Interface : Any

Step 3 : Create Firewall Access rule :- Go to Firewall > Access Rules > WAN to LAN rule > Add

From Zone: WAN
To Zone : LAN
Service : Terminal Services(3389)
Source : Any
Destination : Server1 Public IP(79.132.x.196)
--------------------------------------------------------------------------
What do you think about it?

Do you have working Scenario A?


Syed_M_UsmanSystem Administrator
Top Expert 2011

Commented:
In my case Scenario A is working.
In my case the primary WAN IP is not in the same subnet as the extra WAN IPs.
I've configured it with Static ARP and Static Route, as per SonicWall KB ID 3726:

http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=3726

It's working

 


In my case I didn't want to change the configuration of the first ADSL modem-router from bridge to NAT (Scenario 1).
One-to-one NAT then was exactly what I was trying to find.
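
An added example, not from the thread or from SonicWall: a simplified Python model of the one-to-one NAT policy and WAN-to-LAN access rule from the support steps above, showing how a second public IP lets OWA take port 443 without a NAT policy on the primary WAN IP's port 443. The public addresses and 192.168.1.3 are constructed; `open_to_any` lists rules, like the thread's RDP rule, whose Source is Any so they can be narrowed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class NatPolicy:
    orig_dst: str    # "Original Destination" (public IP address object)
    service: int     # "Original Service" as a TCP port
    xlat_dst: str    # "Translated Destination" (private host)

@dataclass(frozen=True)
class AccessRule:    # WAN -> LAN allow rule, as in Step 3
    dst: str         # the public IP, not the private one
    service: int
    source: str = "any"

# Constructed sample values: documentation-range addresses stand in for the
# primary WAN IP and the two extra IPs; 192.168.1.3 is a hypothetical OWA host.
PRIMARY, EXTRA1, EXTRA2 = "203.0.113.35", "198.51.100.196", "198.51.100.197"
NAT = [
    NatPolicy(EXTRA1, 3389, "192.168.1.2"),   # Server1 RDP, as in the thread
    NatPolicy(EXTRA2, 443, "192.168.1.3"),    # OWA on its own public IP
]
RULES = [AccessRule(EXTRA1, 3389), AccessRule(EXTRA2, 443)]

def forward(src, dst, port, nat=NAT, rules=RULES):
    """Return the private host a WAN packet reaches, or None if not forwarded."""
    if not any(r.dst == dst and r.service == port and r.source in ("any", src)
               for r in rules):
        return None                            # no matching access rule
    for p in nat:
        if (p.orig_dst, p.service) == (dst, port):
            return p.xlat_dst
    return None                                # allowed, but no NAT policy

def port_conflicts(nat):
    """(public IP, port) pairs claimed by more than one private host."""
    seen, clashes = {}, set()
    for p in nat:
        key = (p.orig_dst, p.service)
        if seen.setdefault(key, p.xlat_dst) != p.xlat_dst:
            clashes.add(key)
    return clashes

def open_to_any(rules, sensitive=(3389,)):
    """Access rules that expose a sensitive service to every source address."""
    return [r for r in rules if r.source == "any" and r.service in sensitive]
```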
