Allow a public IP to "pass-through" a Sonicwall TZ190

Aaron
Here's the scenario.  

Usable Public IP range:  0.0.0.2 - 0.0.0.5
Sonicwall TZ190 in place, runs DHCP, hands out 172.16.233.100-200
WAN interface of TZ190 is 0.0.0.2

I have an internal device that has to utilize one of the public IPs (0.0.0.3).  Re-cabling that device is not an option, the change must be made on the Sonicwall if possible.  I need to have 0.0.0.3 pass through the TZ190 with no restrictions so the device can utilize it.

Here's what I've tried (unsuccessfully):
-Created WAN zone object with 0.0.0.3
-Created LAN zone object with 0.0.0.3
-Ran public server wizard with these objects, with the services set to Any->Any

Firewall gurus, please point me in the correct direction.

Any device on the LAN side of the Sonicwall will have unrestricted access to go out the WAN by default, unless you specifically issue rules to prevent it.

Is the problem that the contact is initiated from the WAN side, and you need to permit that?

Please provide a little more info on what this device is and what you need to permit. For example, is it a process that initiates a download from the LAN, but the response is on another port or different service?
Aaron, Vice President, Operations

Author

Commented:
The device is a Cisco phone; the service is provided by another vendor and is being initiated from the WAN.  The incoming port should not need to be translated, so I assume the any->any service designation would be fine (although insecure).
Are you trying to set up VOIP through the Sonicwall?

Aaron, Vice President, Operations

Author

Commented:
Yes, sorry, guess I should have started with that.
Top Expert 2010

Commented:
Does the switch your internal Cisco device connects to perform VLAN functions? My thought here is to create a VLAN, connect the VLAN'd port to a port on the Sonicwall that is configured in transparent mode to the WAN. Your Cisco device could then take on a public IP address.

It may seem scary to connect a port on your private switch to a public interface, but you'd be doing that anyway with a "pass through" solution. Which, by the way, I don't think the Sonicwall will allow you to do. I think you're asking the Sonicwall to suspend NAT and firewall functionality for a device that's connected to your private switch containing a public IP address. From your description, the vendor expects your Cisco device to have a public IP address. Using a VLAN would at least contain the traffic.
Top Expert 2010

Commented:
Also, you indicated another stipulation was that you could not run a wire special for this device. Your private switch has to connect to the Sonicwall anyway, right?
