ITmanage (asker) asked:
Using Sonicwall TZ210 for non optimal configuration

OK, this may be non-optimal, and I am open to suggestions. My ISP has an Occam 6150 fiber optic blade to our business. I have a SonicWall TZ205 appliance connected through one of their ports, which has a static IP. I have a VPN set up as well. I called and reserved 6 more static IP addresses (one of which went to a gateway address) and asked that service not be interrupted, so they assigned the addresses to a different port on the blade. The reserved IP addresses are for email, which I am bringing in house, as well as multiple web servers that I have on a Hyper-V server. The question is: can I use another SonicWall port as a WAN port to the new static IP address bank, and use another port (install a switch) for the machines that will use those IP addresses? If it is even possible, how would I go about this in the SonicWall config?
ITmanage (asker), replying to Carl Dula:
Well no, I have that part, but I was wanting the WAN connections to stay separate as far as traffic. So, X0 is LAN, X1 is the default WAN, I was hoping to use X2 as a secondary WAN and X3 as a DMZ. I have the TZ205 and SonicWall Enhanced, but it is not looking like this is possible. I mean I can achieve separation by network address, but for security reasons I was hoping to physically separate once traffic left the SonicWall.
Carl Dula:

I guess I am not understanding. If you define the additional WAN X interfaces to those IP addresses you need, then what am I missing? If you want additional control you can assign zones for each, and set rules for that.

Not sure what you mean by "hoping to physically separate once traffic left the SonicWall."
ITmanage (asker):

Sorry for the bad terminology and wording. I am not exactly versed in firewall speak. Let me change the wording and simplify my setup for now. So I have a web server behind 216.229.xxx.182, which is static and assigned to the primary WAN port. I have a secondary WAN port with a /29 subnet on network 216.229.xxx.160 (giving me 6 IP addresses; 161 is the gateway, and I assigned 162 to the SonicWall as the secondary WAN address). At this point I am just trying to get this to work. I have an internal web server (which I was originally going to put in a DMZ, but I am not worried about that at this point). I assigned it an IP of 192.168.20.13 (Postfix server with ISPConfig, etc.). I just want to be able to communicate with the email server at this point (using SquirrelMail). I created address objects and created a firewall policy, etc., but cannot communicate with the server. I am wondering what I am doing wrong? Apologies again for sliding on the answer; as I said before, I am just trying to get this to work first, and am going to change it as time goes on.

I am trying to use both WAN ports to communicate with the local class C network.
Carl Dula:

OK, you can use both WAN ports as you want. By default, your X1 is the way out for all LAN traffic unless you specifically write rules to direct traffic to the secondary WAN (X2) port. For example, you might want to send all LAN-originated HTTP and HTTPS (browsing) traffic out the secondary X2. As for incoming traffic, you must also write separate rules for each WAN interface.

So, with regard to your email (SMTP) and web server (HTTP) traffic on the X2 interface, I suggest you get rid of what you have and use the Wizard to create both public server instances. If you have never used the Wizard, it will ask you questions and use your answers to create all required objects, NATs, and rules for the service. You will need to run it twice, once for the email and once for the web server.

In the outside world you will have to redirect your incoming mail to the X2 IP address, as well as your HTTP(S) resolution. However, to test before you do this, you could browse to http://xxx.xxx.xxx.xxx and, for email, telnet xxx.xxx.xxx.xxx 25 and see the mail server prompt.
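The two checks suggested above (browse to the public address, and telnet to port 25 for the mail server greeting) can be scripted so they can be rerun from an outside host each time a NAT or access rule is changed. The script below is an added example and is not from the original thread or from SonicWall; it uses `nc` for the connection, and the 203.0.113.162 address is a placeholder for the public IP on the secondary WAN, not the asker's real address. Run it from a machine outside the firewall as `PROBE_TARGET=203.0.113.162 sh probe.sh`; with no target set it only defines the functions.

```shell
#!/bin/sh
# Added example (not part of the original thread): probe a public address for
# the SMTP greeting on tcp/25 and an HTTP response on tcp/80, which is what the
# reply above suggests doing before changing DNS and MX records.
# PROBE_TARGET is an assumed environment variable; 203.0.113.162 is a
# documentation address standing in for the X2 public IP.

TIMEOUT=5

# smtp_banner_ok LINE: succeeds if LINE is an SMTP 220 greeting, i.e. the
# firewall forwarded tcp/25 to a listening mail server.
smtp_banner_ok() {
  case "$1" in
    "220 "*|"220-"*) return 0 ;;
    *) return 1 ;;
  esac
}

# http_status LINE: prints the three-digit status code from an HTTP status
# line, or "none" if the reply was not an HTTP status line (or was empty).
http_status() {
  case "$1" in
    HTTP/[0-9].[0-9]" "[0-9][0-9][0-9]*)
      set -- $1
      printf '%s\n' "$2" ;;
    *)
      printf 'none\n' ;;
  esac
}

# probe_smtp HOST: capture the first line the mail server sends after connect.
probe_smtp() {
  printf 'QUIT\r\n' | nc -w "$TIMEOUT" "$1" 25 2>/dev/null | head -n 1 | tr -d '\r'
}

# probe_http HOST: send a minimal HEAD request and capture the status line.
probe_http() {
  printf 'HEAD / HTTP/1.0\r\nHost: %s\r\n\r\n' "$1" \
    | nc -w "$TIMEOUT" "$1" 80 2>/dev/null | head -n 1 | tr -d '\r'
}

main() {
  target="$1"

  banner=$(probe_smtp "$target")
  if smtp_banner_ok "$banner"; then
    echo "SMTP  $target:25  OK      $banner"
  else
    echo "SMTP  $target:25  FAILED  (got: '$banner')"
  fi

  status=$(http_status "$(probe_http "$target")")
  if [ "$status" != "none" ]; then
    echo "HTTP  $target:80  OK      status $status"
  else
    echo "HTTP  $target:80  FAILED  (no HTTP status line)"
  fi
}

# Only probe when a target is supplied, so the file can also be sourced.
if [ -n "${PROBE_TARGET:-}" ]; then
  main "$PROBE_TARGET"
fi
```

A "FAILED" result for both services while the server answers on its private 192.168.20.13 address points at the inbound NAT policy or the WAN-to-LAN access rule for that interface, which is the usual symptom of a 1:1 NAT written against the wrong interface or zone; a greeting that comes back on port 25 but an empty HTTP reply means only the SMTP rule pair is in place.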
ITmanage (asker):

Thank you. I am thrown by all of this. I was hoping to use 1:1 NAT for my static IPs to just send all traffic from the external static IP I designated (coming in on the secondary WAN port) to my private email IP, and have it send all traffic back out of the secondary WAN port.
ASKER CERTIFIED SOLUTION by Carl Dula (solution text not shown on this page).