gateguard

How to temporarily disable a WAN IP on my Sonicwall NSA220?

I have a 1-to-1 NAT to a server named WEBSERVER-A on the LAN, consisting of:
1) a public address object for WEBSERVER-A
2) a private address object for WEBSERVER-A
3) a nat policy connecting the 2 objects
4) an access rule allowing http through the public address

Currently the NSA220 wan port is not attached to the internet.  And currently, WEBSERVER-A is published on another firewall.

I need to connect the NSA220 wan port long enough to run the "update your registration" link on the status page but at this time I'm not ready to turn the other firewall off.

So how do I temporarily turn off the IP address for WEBSERVER-A on my Sonicwall so that when I plug the wan port in to the internet I won't be causing an IP conflict?

Do I disable the access rule?
Do I disable the nat policy?
Do I disable both?

I don't see a way to disable the public address object.  Do I have to delete the public address object?

Thanks.
ASKER CERTIFIED SOLUTION
Syed Muhammad Usman

gateguard

ASKER

I don't really understand your answer.

I'm going to restate my question.

In fact, my new firewall is fully pre-configured, with 9 webservers, 3 ftp servers, and a mail server with 3 different services.

All of those services are live on another firewall.  I don't want to unplug the other firewall.

I just want to plug the new firewall in to the internet long enough to do the registration update.  I have a reason why I want to do that that I don't feel like going into.

I just want to know how to make the 16 different addresses on my new firewall "invisible" while I plug it in.

I know how I would do it if it were an ISA server.  I would disable all the access rules, delete all the ip addresses (except one) with a netsh script command, plug it into the internet with a single non-conflict ip address, do what I had to do and unplug again.  Then I would run a netsh script command adding back in all the addresses and I would quickly re-enable (with two mouse-clicks) all the access rules I had previously disabled.

I'm not looking for something that will work in 2 mouse-clicks.  I'm just looking for something that will work.

Again, let me ask this:

Do I disable the access rule?
Do I disable the nat policy?
Do I disable both?
Do I do neither?
Is there no way to do what I want to do without deleting all the objects?

Alternatively, let me ask this:
I exported an empty configuration before I built all these objects.  If I import the empty configuration, update the registration, then get off the internet and re-import the full configuration will I be wiping out the registration update or will it still be good?

Bottom line:
It's already configured with many objects but not registration-updated.  I want to run the registration update without making it live.  That's what I'm trying to do here.

Thanks.

Dear,

Really sorry if I understand wrong... but

I would suggest you REGISTER YOUR FIREWALL and do configuration, or do full configuration and let the firewall LIVE with your WAN...

Below are the most likely scenarios.

If you have an ADSL connection or leased line connection and your connection is similar to below:

ISP---------------------ROUTER------------------------OLD FIREWALL WAN

you can do it this way:

ISP----------------------ROUTER----------------------OLD FIREWALL WAN
                                    |
                                NSA WAN

or

if your connection is like below:

ISP---------------------MODEM------------------------OLD FIREWALL WAN

you can do it this way:

ISP---------------------MODEM-----------SWITCH------------------OLD FIREWALL WAN
                                                                |
                                                             NSA WAN

Below I try to clarify some other points.

"In fact, my new firewall is fully pre-configured, with 9 webservers, 3 ftp servers, and a mail server with 3 different services" ---------> I believe this is the NSA? If yes, then how are the services running without a WAN connection? And if the services are not running and you only want to register the firewall, I wrote in my previous post that you simply connect one of your "PRODUCTION ROUTER/FIREWALL LAN" cables to the NSA WAN and register your NSA...

"All of those services are live on another firewall.  I don't want to unplug the other firewall" --------------> connect one of your "PRODUCTION ROUTER/FIREWALL LAN" cables to the NSA WAN and register your NSA...

"Do I disable the access rule?
Do I disable the nat policy?
Do I disable both?
Do I do neither?"

If the firewall services are configured but "NOT IN PRODUCTION", meaning running on the other firewall, you can still register, but you need to disable all custom rules you have made, including...

NAT
ROUTES
LAN>WAN
WAN>LAN
VPN

Log on to Network > NAT Policies, click on custom policies and uncheck all.
Network > Routing > click on custom policies and uncheck all.

You can do the same for VPN...

I used your suggestion to put the wan port on the lan.

But first I had to create a dmz port address so I could keep talking to the device from my laptop.

All worked well.

I also signed up for a year of support at sonicwall.  Doesn't cost that much, actually.

Thanks for all the effort you put into this.

Thanks for your comments :):):)