<div>
Could you provide some more details on the exact configuration you have? Also are you using the Public Server Wizard or creating a manual NAT? I always suggest using the Wizard as it creates the appropriate firewall rules for you with the NAT.<br />
<br />
I have done for example a NAT such as this when the X1 has an IP block passed to it through a modem in bridge mode. The sonicwall got assigned one of the IPs in the block, and all I had to do was use the Public Server Wizard to NAT an internal server to one of the other public IPs available in the block.<br />
<br />
If you could provide the subnets used and what mode the modem is in, that would help with determining what we can configure.
</div>


<div>
Agreed, use one wire for the wan, use the server wizard, choose other an select the ports you need. 
</div>


<div>
Hi,<br />
&nbsp; &nbsp; &nbsp; Please tell me the subnet of the IP given bye your ISP.<br />
&nbsp; &nbsp;Also tell me when u do one to one satic nat, are you able to ping that ip from internet.<br />
<br />
Regards<br />
Pawan
</div>


<div>
Thanks for the quick responses. Here are more details - <br />
<br />
They were using a Motorola DSL modem and I have not a clue what mode it is in. They have switched out the modem to see if it would fix the issue, but it has not. We do not have access to configuring this modem.<br />
<br />
The public ip of the TZ210 is 24.140.156.149 with subnet mask of 255.255.254.0 and default gateway is 24.140.156.1. The second wan ip address is 24.140.156.178. Both ip addresses are pingable but the ISP says they do not always allow pings to go through so you cannot rely on it. <br />
<br />
I did not use the wizard I just manually &nbsp;just set up two nat policies. They are - &nbsp;<br />
Phone Private - Phone Public, any - original, any - original, x0 - x1 &nbsp;and then the reflective - <br />
any-original, Phone Public -Phone Private, any-original, x1 - any. Also added the access rule to allow all to the Public Phone address from Wan to Lan. We did extensive testing with this setup and the ISP is dropping outbound packets from second wan ip address. &nbsp;I sent the config to sonicwall support and they say the config for the nat policy is correct. We have upgraded to the current latest firmware which is 5.8.<br />
<br />
We added a switch between the Sonicwall and the modem for this testing and placed a computer there with an ip address that the isp &nbsp;provided for us. This computer could access the inside device perfectly with the nat policy and access rule used above so it really is not a case of a misconfigured nat policy. We did wireshark captures from the middle computer and it looks like about 30 % of the outbound packets from the second wan ip address make it to their destination.<br />
<br />
The isp has recommended using a second physical interface with a unique mac address for the phone system or just connecting the phone system to the switch that is currently there. They say their modem just is not able to handle traffic from multiple ip addresses using the same mac address. <br />
<br />
If we can get it to work by keeping the phone system on the private ip address then the phone people do not need to come back out to reconfigure it.<br />
<br />

</div>


<div>
I found that I could go to Network - Arp in the TZ210 and attach a mac address to the public phone ip address. This seems to be working better. Is this correct?
</div>


<div>
Dear if you have Two WAN IP Address and need to assign 1 to your phone system you just need to do follwoings;<br />
<br />
logon to SNA&gt;Network &gt;Zones&gt;Add&gt; Public Servers (you can name any in my example i named as &quot;Server&quot;Make sure you allow interface trust-refer to atarched, Zone-Creation-1 &amp;&nbsp;2)<br />
<br />
Go to network&gt;X2 (you can select any empty interface)and add into zone(refer to Zone-Creation-3) and use bridge and bridge with X1<br />
<br />
now connect your host directly with X2.<br />
<br />
<br />
<br />
<a href="https://filedb.experts-exchange.com/incoming/2011/08_w32/486448/Zone-Creation-1.png" target="_blank" class="file-inline" title="Zone-Creation-1 (120 KB)"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M67.508 468.467c-58.005-58.013-58.016-151.92 0-209.943l225.011-225.04c44.643-44.645 117.279-44.645 161.92 0 44.743 44.749 44.753 117.186 0 161.944l-189.465 189.49c-31.41 31.413-82.518 31.412-113.926.001-31.479-31.482-31.49-82.453 0-113.944L311.51 110.491c4.687-4.687 12.286-4.687 16.972 0l16.967 16.971c4.685 4.686 4.685 12.283 0 16.969L184.983 304.917c-12.724 12.724-12.73 33.328 0 46.058 12.696 12.697 33.356 12.699 46.054-.001l189.465-189.489c25.987-25.989 25.994-68.06.001-94.056-25.931-25.934-68.119-25.932-94.049 0l-225.01 225.039c-39.249 39.252-39.258 102.795-.001 142.057 39.285 39.29 102.885 39.287 142.162-.028A739446.174 739446.174 0 0 1 439.497 238.49c4.686-4.687 12.282-4.684 16.969.004l16.967 16.971c4.685 4.686 4.689 12.279.004 16.965a755654.128 755654.128 0 0 0-195.881 195.996c-58.034 58.092-152.004 58.093-210.048.041z"/></svg>Zone-Creation-1.png</a><br />
<a href="https://filedb.experts-exchange.com/incoming/2011/08_w32/486449/Zone-Creation-2.png" target="_blank" class="file-inline" title="Zone-Creation-2 (107 KB)"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M67.508 468.467c-58.005-58.013-58.016-151.92 0-209.943l225.011-225.04c44.643-44.645 117.279-44.645 161.92 0 44.743 44.749 44.753 117.186 0 161.944l-189.465 189.49c-31.41 31.413-82.518 31.412-113.926.001-31.479-31.482-31.49-82.453 0-113.944L311.51 110.491c4.687-4.687 12.286-4.687 16.972 0l16.967 16.971c4.685 4.686 4.685 12.283 0 16.969L184.983 304.917c-12.724 12.724-12.73 33.328 0 46.058 12.696 12.697 33.356 12.699 46.054-.001l189.465-189.489c25.987-25.989 25.994-68.06.001-94.056-25.931-25.934-68.119-25.932-94.049 0l-225.01 225.039c-39.249 39.252-39.258 102.795-.001 142.057 39.285 39.29 102.885 39.287 142.162-.028A739446.174 739446.174 0 0 1 439.497 238.49c4.686-4.687 12.282-4.684 16.969.004l16.967 16.971c4.685 4.686 4.689 12.279.004 16.965a755654.128 755654.128 0 0 0-195.881 195.996c-58.034 58.092-152.004 58.093-210.048.041z"/></svg>Zone-Creation-2.png</a><br />
<a href="https://filedb.experts-exchange.com/incoming/2011/08_w32/486450/Zone-Creation-3.png" target="_blank" class="file-inline" title="Zone-Creation-3 (68 KB)"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M67.508 468.467c-58.005-58.013-58.016-151.92 0-209.943l225.011-225.04c44.643-44.645 117.279-44.645 161.92 0 44.743 44.749 44.753 117.186 0 161.944l-189.465 189.49c-31.41 31.413-82.518 31.412-113.926.001-31.479-31.482-31.49-82.453 0-113.944L311.51 110.491c4.687-4.687 12.286-4.687 16.972 0l16.967 16.971c4.685 4.686 4.685 12.283 0 16.969L184.983 304.917c-12.724 12.724-12.73 33.328 0 46.058 12.696 12.697 33.356 12.699 46.054-.001l189.465-189.489c25.987-25.989 25.994-68.06.001-94.056-25.931-25.934-68.119-25.932-94.049 0l-225.01 225.039c-39.249 39.252-39.258 102.795-.001 142.057 39.285 39.29 102.885 39.287 142.162-.028A739446.174 739446.174 0 0 1 439.497 238.49c4.686-4.687 12.282-4.684 16.969.004l16.967 16.971c4.685 4.686 4.689 12.279.004 16.965a755654.128 755654.128 0 0 0-195.881 195.996c-58.034 58.092-152.004 58.093-210.048.041z"/></svg>Zone-Creation-3.png</a>
</div>


Zone-Creation-3.png

Zone-Creation-1.png

Zone-Creation-2.png

<div>
Are you saying that the phone system itself will need to have the public ip address configured on it? Will the x1 port be the only port to be connected to the modem? There does not need to be any firewall access rules or nat policies? Thanks.
</div>


WZ-1.png

SonicOS_Enhanced_using_a_Secondary_Public_IP_Range_for_NAT

SonicOS-Enhanced-using-a-Seconda.pdf

WZ-2.png

WZ-3.png

WZ-4.png

<div>
<div class="content wysiwyg-content">
I need to &quot;map&quot; a Public IP address to a phone system on the private network. The firewall is a Sonicwall TZ210 and the primary wan interface &quot;X1&quot; has a &quot;many to one&quot; nat policy applied to it for internet access of the lan computers. When I set up a standard &quot;one to one&quot; nat policy to nat the internal phone system to a second wan ip address the network traffic is not being forwarded correctly by the ISP's modem. The ISP technician says that their modem cannot distinguish between two ip addresses when they are coming from the same physical port. Somehow I need to map this second wan ip address to a second mac address coming out of this TZ210. Anybody ever do this before? When I try to apply the second wan ip to another port &quot;x3&quot; for example, I receive a &quot;this subnet has already been used error&quot; and it will not let me do that.
</div>
</div>


I need to "map" a Public IP address to a phone system on the private network. The firewall is a Sonicwall TZ210 and the primary wan interface "X1" has a "many to one" nat policy applied to it for internet access of the lan computers. When I set up a standard "one to one" nat policy to nat the internal phone system to a second wan ip address the network traffic is not being forwarded correctly by the ISP's modem. The ISP technician says that their modem cannot distinguish between two ip addresses when they are coming from the same physical port. Somehow I need to map this second wan ip address to a second mac address coming out of this TZ210. Anybody ever do this before? When I try to apply the second wan ip to another port "x3" for example, I receive a "this subnet has already been used error" and it will not let me do that.

Nat Public IP to Private IP behind Sonicwall TZ210 and Cable Modem

Hardware-based firewalls provide more sophisticated protection for inbound and outbound traffic than the simple Windows software firewall or the basic NAT firewalls found in routers. These devices implement techniques such as stateful packet inspection, deep packet inspection, and content filtering; and may include built-in antivirus and anti-malware protection.

Hardware Firewalls

Transmission Control Protocol/Internet Protocol (TCP/IP) is the set of networking protocols that define end-to-end connectivity specifying how data should be packeted, addressed, transmitted, routed and received at the destination. This functionality is organized into four abstraction layers which are used to sort all related protocols according to the scope of networking involved.

TCP/IP

Networking is the process of connecting computing devices, peripherals and terminals together through a system that uses wiring, cabling or radio waves that enable their users to communicate, share information and interact over distances. Often associated are issues regarding operating systems, hardware and equipment, cloud and virtual networking, protocols, architecture, storage and management.