Aaron asked:

Allow a public IP to "pass-through" a Sonicwall TZ190

Here's the scenario.  

Usable Public IP range:  0.0.0.2 - 0.0.0.5
Sonicwall TZ190 in place, runs DHCP, hands out 172.16.233.100-200
WAN interface of TZ190 is 0.0.0.2

I have an internal device that has to utilize one of the public IPs (0.0.0.3).  Re-cabling that device is not an option, the change must be made on the Sonicwall if possible.  I need to have 0.0.0.3 pass through the TZ190 with no restrictions so the device can utilize it.

Here's what I've tried (unsuccessfully):
-Created WAN zone object with 0.0.0.3
-Created LAN zone object with 0.0.0.3
-Ran public server wizard with these objects with the services set to Any->Any

Firewall gurus, please point me in the correct direction.
Carl Dula

Any device on the LAN side of the Sonicwall will have unrestricted access to go out the WAN by default, unless you specifically issue rules to prevent it.

Is the problem that the contact is initiated from the WAN side, and you need to permit that?

Please provide a little more info on what this device is and what you need to permit. For example, is it a process that initiates a download from the LAN, but the response is on another port or different service?
Aaron (ASKER)

The device is a Cisco phone; the service is provided by another vendor and is being initiated from the WAN.  The incoming port should not need to be translated, so I assume the any->any service designation would be fine (although insecure).
Are you trying to set up VOIP through the Sonicwall?
Aaron (ASKER)

Yes, sorry, guess I should have started with that.
ASKER CERTIFIED SOLUTION
Carl Dula

This solution is only available to members.

Does the switch the internal Cisco device connects to perform VLAN functions? My thought here is to create a VLAN, connect the VLAN'd port to a port on the Sonicwall that is configured in transparent mode to the WAN. Your Cisco device could then take on a public IP address.

It may seem scary to connect a port on your private switch to a public interface, but you'd be doing that anyway with a "pass through" solution. Which, by the way, I don't think the Sonicwall will allow you to do. I think you're asking the Sonicwall to suspend NAT and firewall functionality for a device that's connected to your private switch containing a public IP address. From your description, the vendor expects your Cisco device to have a public IP address. Using a VLAN would at least contain the traffic.
Also, you indicated another stipulation was that you could not run a wire special for this device. Your private switch has to connect to the Sonicwall anyway, right?