Using Sonicwall TZ210 for non optimal configuration

OK, this may be non-optimal, and I am open to suggestions. My ISP has an Occam 6150 fiber optic blade to our business. I have a SonicWall TZ205 appliance connected through one of their ports, which has a static IP. I have a VPN set up as well. I called and reserved 6 more static IP addresses (one of which went to a gateway address) and asked that service not be interrupted, so they assigned the addresses to a different port on the blade. The reserved IP addresses are for email, which I am bringing in house, as well as multiple webservers that I have on a Hyper-V server. The question is, can I use another SonicWall port as a WAN port to the new static IP address bank, and use another port (install switch) for the machines that will use those IP addresses? If it is even possible, how would I go about this in the SonicWall config?
ITmanageAsked:
carlmdCommented:
Although it may sound like a lot, using the Wizard really makes this easy. If you are concerned at removing what you already created, just run the Wizard, and implement one of the services. It will not interfere with your current setup.

If you decide to proceed, then know that the Wizard does NOT change anything until the last step, and asks you to confirm before it does. The last page it shows is a complete list of what it is going to do, so I suggest that you print that page for a record. This way, if for any reason you want to remove that particular setup, you have a list of what to do.
0
 
carlmdCommented:
0
 
ITmanageAuthor Commented:
Well no, I have that part, but was wanting the WAN connections to stay separate as far as traffic. So, X0 is LAN, X1 is default WAN, I was hoping to use X2 as a secondary WAN, and X3 as a DMZ. I have the TZ205 and SonicWall Enhanced, but it is not looking like this is possible. I mean I can achieve separation by network address, but for security reasons I was hoping to physically separate once traffic left the SonicWall.
0
carlmdCommented:
I guess I am not understanding. If you define the additional WAN X interfaces to those ip addresses you need, then what am I missing? If you want additional control you can assign zones for each, and set rules for that.

Not sure what you mean by "hoping to physically separate once traffic left the sonicwall."
0
 
ITmanageAuthor Commented:
Sorry for the bad terminology, wording. I am not exactly versed in firewall speak. Let me change wording, and simplify my setup for now. So I have a webserver behind 216.229.xxx.182 that is static and assigned to the primary WAN port. I have a secondary WAN port with a /29 subnet on network 216.229.xxx.160 (giving me 6 IP addresses, while 161 is the gateway, and I assigned 162 to the SonicWall as the secondary WAN address). At this point I am just trying to get this to work. I have an internal webserver (which I was originally going to put in a DMZ, but not worried about it at this point). I assigned it an IP of 192.168.20.13 (postfix server with ISPconfig, etc). I just want to be able to communicate with the email server at this point (using squirrelmail). I created address objects and created firewall policy, etc, but cannot communicate with the server. I am wondering what I am doing wrong? Apologize again for the sliding on the answer, as I said before I am just trying to get this to work firstly, and going to change as time goes on.
0
 
ITmanageAuthor Commented:
I am trying to use both WAN ports to communicate with the local class C network.
0
 
carlmdCommented:
Ok, you can use both WAN ports as you want. By default, your X1 is the way out for all LAN traffic unless you specifically write rules to direct traffic to the secondary WAN (X2) port. For example, you might want to send all LAN originated http and https (browsing) traffic out the secondary X2. As for incoming traffic, you must also write separate rules for each WAN interface.

So, with regards to your email (smtp) and web server (http) traffic on the X2 interface I suggest you get rid of what you have, and use the Wizard to create both public server instances. If you have never used the Wizard, it will ask you questions, and use your answers to create all required objects, NATS, and rules for the service. You will need to run it twice, once for the email and once for the web server.

In the outside world you will have to redirect your incoming mail to the X2 IP address as well as your http(s) resolution. However, to test before you do this you could use the IP address as http://xxx.xxx.xxx.xxx, and for email you could telnet xxx.xxx.xxx.xxx 25 and see the mail server prompt.
0
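
An added example, not part of the thread: the "telnet to port 25 and see the mail server prompt" test above, scripted so the failure modes can be told apart (no reply at all, a reset, or a connection without a 220 greeting). The function names and the loopback test listener are constructed for illustration; run the check from outside the firewall against the X2 public address.

```python
import socket
import threading

def check_smtp_banner(host, port=25, timeout=5.0):
    """Classify an inbound SMTP test: returns (status, first_line)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        # A reset came back: some device answered, but no service accepted.
        return "refused", ""
    except socket.timeout:
        # No reply at all, which is what silently dropped packets look like.
        return "timeout", ""
    except OSError as exc:
        return "error", str(exc)
    with sock:
        sock.settimeout(timeout)
        try:
            data = sock.recv(512)
        except socket.timeout:
            return "no-banner", ""
    lines = data.decode("ascii", "replace").splitlines()
    first = lines[0] if lines else ""
    if first.startswith("220"):
        return "ok", first
    return ("bad-banner" if first else "no-banner"), first

def start_fake_server(greeting):
    """Constructed loopback listener that sends one greeting (demo only)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(greeting)
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

def closed_port():
    """Return a loopback port with nothing listening on it (demo only)."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port

if __name__ == "__main__":
    good = start_fake_server(b"220 mail.example.test ESMTP Postfix\r\n")
    print(check_smtp_banner("127.0.0.1", good))
    print(check_smtp_banner("127.0.0.1", closed_port()))
```

A "timeout" result points at the firewall path (rule or NAT policy), while "refused" or "no-banner" means packets are getting somewhere and the mail server itself is the next thing to check.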
 
ITmanageAuthor Commented:
Thank you. I am thrown by all of this. I was hoping to use 1-1 NAT for my static IPs to just send all traffic from my external static IP I designated (coming from secondary WAN port) to my private email IP, and it to send all traffic back out of the secondary WAN port.
0
Question has a verified solution.
