Sonicwall as a Router

Hi,

We have recently had an unmanaged 100 Mbps internet service installed by Virgin.

They have provided us with a WAN address and gateway on a /30 network, as well as a public LAN range of /27, which are our external addresses.

We have 2 SonicWall NSA 3500 firewalls in failover mode which I would like to use as the gateway to our network. I would like to avoid buying a router to sit in between the two networks. Below is how I'm guessing that Virgin envisage the network; however, I'd like to remove the need for a router at our end.

LAN ---- SW NSA /27 ----- /27 OUR ROUTER /30----- | ----- /30 VIRGIN ROUTER ----- INTERNET

Is it possible to create a sub-interface on the SonicWall and the appropriate routing rules so that the SonicWall can take care of the routing to Virgin and also onto our LAN? If so, any pointers would be most appreciated.

Asked by Eschmann

Benjamin MOREAU (Project Manager) commented:
Hi,

In all my SonicWall deployments, I configure the public IP address directly on my SonicWall (for you, the /30 address). After that, Virgin routes all your /27 IP addresses to your SonicWall.

You just have to create rules on your SonicWall like "original destination IP = your /27 IP address".

I have explained how I do it... but I'm in France; maybe Virgin can't do this...
Eschmann (Author) commented:
Could you be more specific as to which type of rules?

Routes? NAT rules?
Benjamin MOREAU (Project Manager) commented:
Just configure your WAN interface with the /30 IP address (like this: https://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=7449)

After that, just add NAT rules & firewall rules to use your public IP pool (/27):

Example NAT rule for SMTP:
 Original Source : Any
 Trans. Dest : Original
 Orig Dest : Your public IP in the /27 pool
 Trans Dest : Your mail server in your LAN
 Orig Service : SMTP
 Trans Service : Original

Example FW rule:
 From : WAN
 To : LAN
 Service : SMTP
 Source : Any
 Destination : Your public IP in the /27 pool
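Worked illustration added here, not code from the thread and not SonicWall's own software: a small Python model of the NAT rule plus access rule pair described in the answer above. It shows why a public /27 address that lives on no firewall interface still gets translated when the ISP routes the whole pool to the /30 WAN address, and what the outcome is when no NAT policy matches that address or service. The addresses (RFC 5737 documentation ranges), the `Packet`, `NatRule` and `FwRule` classes and the `evaluate`, `classify` and `link_is_consistent` functions are all constructed for this example; SonicOS's real evaluation engine and GUI are not reproduced.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, ip_address, ip_network
from typing import List, Optional, Tuple

# Constructed addressing that mirrors the thread's layout (RFC 5737 ranges,
# not the real Virgin allocation): a /30 link to the ISP and a /27 public
# pool that the ISP routes *to* the firewall's /30 address.
WAN_LINK = ip_network("203.0.113.0/30")
WAN_IP = ip_address("203.0.113.2")           # SonicWall WAN interface
ISP_GW = ip_address("203.0.113.1")           # ISP side of the /30
PUBLIC_POOL = ip_network("198.51.100.32/27")
PUBLIC_MAIL = ip_address("198.51.100.40")    # "Your public IP in the /27 pool"
MAIL_SERVER = ip_address("192.168.1.25")     # "Your mail server in your LAN"

SERVICES = {"SMTP": 25, "TELNET": 23}        # service object -> TCP port


@dataclass(frozen=True)
class Packet:
    src: IPv4Address
    dst: IPv4Address
    dport: int
    in_zone: str = "WAN"


@dataclass(frozen=True)
class NatRule:
    """Inbound destination NAT: Orig Dest -> Trans Dest for Orig Service."""
    orig_dst: IPv4Address
    trans_dst: IPv4Address
    orig_service: Optional[str] = None       # None means "Any"


@dataclass(frozen=True)
class FwRule:
    """Access rule written against the public (pre-NAT) destination,
    exactly as the answer's FW rule names the /27 address, not the LAN host."""
    from_zone: str
    to_zone: str
    dst: IPv4Address
    service: Optional[str] = None
    action: str = "allow"


def service_matches(name: Optional[str], dport: int) -> bool:
    return name is None or SERVICES[name] == dport


def link_is_consistent() -> bool:
    """Sanity check on the /30: both ends must be usable host addresses inside
    it, and the public pool must not overlap the link. If this fails, nothing
    the ISP sends for the /27 can reach the firewall at all."""
    hosts = set(WAN_LINK.hosts())
    return (WAN_IP in hosts and ISP_GW in hosts
            and not PUBLIC_POOL.overlaps(WAN_LINK))


def evaluate(pkt: Packet, nat_rules: List[NatRule],
             fw_rules: List[FwRule]) -> Tuple[str, Optional[IPv4Address]]:
    """Return (verdict, translated destination).

    The firewall owns only WAN_IP. A packet for a /27 address arrives only
    because the ISP forwards the pool to WAN_IP over the /30; it is then
    claimed by a NAT policy, not by an interface address, so no interface in
    the /27 is needed. With no matching NAT policy the packet is addressed to
    nobody and is dropped, which is what a packet-monitor "dropped" entry for
    an unmapped pool address looks like.
    """
    if pkt.dst != WAN_IP and pkt.dst not in PUBLIC_POOL:
        return ("drop: not addressed to this firewall", None)
    nat = next((r for r in nat_rules
                if r.orig_dst == pkt.dst
                and service_matches(r.orig_service, pkt.dport)), None)
    if nat is None:
        return ("drop: no NAT policy for public address", None)
    fw = next((r for r in fw_rules
               if r.from_zone == pkt.in_zone and r.to_zone == "LAN"
               and r.dst == pkt.dst
               and service_matches(r.service, pkt.dport)), None)
    if fw is None or fw.action != "allow":
        return ("drop: no access rule allows it", None)
    return ("forward", nat.trans_dst)


# The SMTP rule pair from the answer above, as constructed objects.
NAT_RULES = [NatRule(PUBLIC_MAIL, MAIL_SERVER, "SMTP")]
FW_RULES = [FwRule("WAN", "LAN", PUBLIC_MAIL, "SMTP")]


def classify(dst: str, dport: int, src: str = "192.0.2.10") -> Tuple[str, Optional[str]]:
    """Convenience wrapper: evaluate one inbound probe against the default rules."""
    verdict, trans = evaluate(Packet(ip_address(src), ip_address(dst), dport),
                              NAT_RULES, FW_RULES)
    return (verdict, None if trans is None else str(trans))


if __name__ == "__main__":
    print("link ok:", link_is_consistent())
    for dst, port in [("198.51.100.40", 25),   # mapped address, right service
                      ("198.51.100.40", 23),   # mapped address, wrong service
                      ("198.51.100.41", 25)]:  # pool address with no NAT policy
        print(dst, port, "->", classify(dst, port))
```

Running it prints one line per probe: only the SMTP packet to the mapped pool address is forwarded to the LAN mail server; the same address on port 23 and a pool address with no NAT policy are both dropped before any access rule is consulted. That is the check to run mentally before blaming the ISP: if the capture shows the packet arriving on WAN but the verdict is a drop, the NAT policy (address object or service) is what to inspect.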
Eschmann (Author) commented:
It doesn't seem to be working.

Would the firewall NAT packets that are destined for the /27 network when it doesn't have a presence on that network? (It's only on the /30.)

Wouldn't it just be dropping the packets?
amatson78 (Sr. Security Engineer) commented:
If you run a packet capture, are you seeing incoming packets for one of the intended IP addresses? If the ISP is routing to you correctly you will see it in the packet capture. If not, then they need to correct their routing first.
Eschmann (Author) commented:
I can see that the ISP are routing the packets to me correctly using packet capture however they are being dropped instead of forwarded on to a machine on my lan.
Benjamin MOREAU (Project Manager) commented:
Could you post a capture of your NAT rule & your FW rule?
Eschmann (Author) commented:
NAT rule to point traffic for an IP on the /27 network to a PC here running a telnet server:
[screenshot: NAT rule]
FW rules (I know I don't need both):
[screenshot: FW rule]
Dropped packet monitor:
[screenshot: packet monitor]
"Virgin address1" is an address on the /27 range.
"Andy PC (EEW080)" is a PC with a telnet server running on it (which I can connect to from machines on the LAN).

Cheers guys!

Benjamin MOREAU (Project Manager) commented:
Sorry, but could you post a capture of the detail (when you click on the pen)?
Eschmann (Author) commented:
Here they are!
[screenshots: NAT rule detail, FW rule detail]
Benjamin MOREAU (Project Manager) commented:
Could you give the content of "virgin address 1"?

Your rules are OK; your ISP is correctly routing your public IP, so I think it's a problem with your object "virgin address 1".
Eschmann (Author) commented:
"virgin address 1" is an IP address on the /27 range supplied by the ISP.
[screenshot: address object "virgin address 1"]
Benjamin MOREAU (Project Manager) commented:
...I don't see... maybe try to specify the "original service" in the NAT rule & the "service" in the FW rule.
Eschmann (Author) commented:
No idea why it wasn't working straight away, but now it is!

Thanks MOREAU37