SonicWALL with 2 WANs

We have a hotel client that has a TZ-100 configured to use their existing internet connection to support their internal business network (one subnet, SBS 2011) as well as their Reservations Webserver (different subnet, Windows 7). The internet connection has a static IP address which is being utilized by the Reservations Webserver for HTTP and HTTPS access. There are also firewall rules in place which allow traffic to flow between the two subnets over specific ports so the Reservations Webserver can communicate with their Property Management Software running on the SBS 2011 server.

They have now added another internet connection which they want to use for their business network and SBS 2011 Server as well as allow for OWA and Smartphone access to Exchange. The new connection also has its own static IP.

Is there a way to configure 2 WAN connections on the SonicWALL, each with their own static IP? We'd like to keep the internet traffic separated between the two subnets but keep the local traffic between the two subnets open over the currently specified ports. Also, we need to keep in mind that ports like 80 and 443 are utilized by both the Webserver and OWA (Exchange), so traffic coming in from the original internet line (Static IP 1) over port 80 needs to go to the Webserver (Subnet 1), while traffic coming in from the new internet line (Static IP 2) over port 80 needs to go to the SBS/Exchange server (Subnet 2).

Does this question make sense, and if so, is it possible? If so to both, how do I do this? Thanks so much in advance.

It sounds very do-able.

I think that TZ100 Sonicwall has ports X0 through X4 on it. Your existing internet, for example, let's say is on X0. You'd put your secondary internet connection on a free X port, say X1.

On the network tab on the sonicwall you define whether X0 or X1 is LAN, WAN, etc. So you'd just have 2 WAN interfaces. There's nothing unusual there. You'd configure the new one just like the existing WAN/internet is configured on the sonicwall.

I'd run the Public Server Wizard to define which internet line (say X0 and X1) hosts what services. It will make the firewall rules for you.

Click on Firewall -> Access Rules then toward the upper right of the screen, click WIZARDS.
Pick Public Server Wizard. Pick your service or corresponding port (80 or 443) from the drop-down list. Next screen, under the "private network" section, enter the IP of your machine on the LAN hosting the service. Next, under "server's public IP", enter the WAN address, either the X1 or X0 address, depending on where you're expecting the traffic to come from.

You can use the firewall rules to allow or prevent traffic from one zone or one interface to another.

Blue Street TechLast KnightCommented:
Hi PRNComputers,

When you say different subnets are you talking about different Zones or just different subnets?

You can accomplish this through PortShield Groups and Zone Assignments.

Here is how to create a Secondary WAN connection:

Here is how to route only SMTP traffic through your Secondary WAN interface:

The Zone Assignment, PortShielding, & custom NAT policies will isolate the traffic so that ISP2 traffic coming in on port 80 will be going into SBS's zone respectively and the same with ISP1/Webserver.

You may want to create a DMZ for the web server and put the SBS box in the LAN. To lock down the communication between the Zones you simply create a Deny Firewall Rule on each Zone, e.g. (DMZ>LAN & LAN>DMZ), and then create additional rules to allow specific services, sources & destinations to secure communication between both Zones.

This can all be done without the additional WAN as well if you have more than 1 Static IP address provided from your ISP. Typically they give you 5 but in some cases they only provide one and in that case you can easily purchase another for around $25/mo. It's way cheaper than an additional WAN connection but if the client will's better overall bandwidth obviously.

Let me know how it goes.
PRNComputersAuthor Commented:
So sorry for the delay. Had a bad family emergency (still going on) that's kept me away from things.

I went with the first option and I am able to get to the firewall via both WAN ports. That's exciting. However, I'm not currently able to get to OWA from outside. I guess I'll have to figure out how to redirect ports 80 and 443 for each WAN port separately. Since I left this hanging for so long, I'm going to give the points now and try to do the port thing myself. Thanks.
Since port 80 and 443 are by default management ports on the sonicwall, you'd either change the management ports to something else or uncheck the management box for one of those 2 ports altogether.
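
Added example, not part of the original thread and not SonicOS syntax: a small Python model of the design discussed above (per-WAN NAT policies for the same ports, default-deny rules between the DMZ and LAN zones, and the management-port overlap mentioned in the comment above). Interface names follow the X0/X1 example in the first answer; all IP addresses and the inter-zone port are constructed placeholders.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class NatPolicy:
    wan_if: str      # ingress WAN interface
    public_ip: str   # static IP on that interface
    port: int        # public port
    server: str      # private IP of the internal host
    zone: str        # zone the host lives in

# Constructed sample values (documentation address ranges, placeholder port).
WEB, SBS, PMS_PORT = "192.168.10.5", "192.168.20.5", 5000
POLICIES = [
    NatPolicy("X0", "203.0.113.10", 80, WEB, "DMZ"),
    NatPolicy("X0", "203.0.113.10", 443, WEB, "DMZ"),
    NatPolicy("X1", "198.51.100.20", 80, SBS, "LAN"),
    NatPolicy("X1", "198.51.100.20", 443, SBS, "LAN"),
]
# Ports on which the firewall's own management UI answers, per interface.
MGMT = {"X0": set(), "X1": {80, 443}}
# Inter-zone rules, first match wins; anything unmatched is denied.
ZONE_RULES = [("DMZ", "LAN", PMS_PORT, "allow"), ("DMZ", "LAN", None, "deny"),
              ("LAN", "DMZ", None, "deny")]

def audit(policies, mgmt):
    """Return findings that would make an inbound mapping ambiguous or dead."""
    findings, seen = [], set()
    for p in policies:
        key = (p.public_ip, p.port)
        if key in seen:
            findings.append(f"duplicate mapping for {p.public_ip}:{p.port}")
        seen.add(key)
        if p.port in mgmt.get(p.wan_if, set()):
            findings.append(f"{p.wan_if}:{p.port} also serves management")
    return findings

def route_inbound(policies, dst_ip, port):
    """Pick the internal host by destination public IP and port."""
    for p in policies:
        if (p.public_ip, p.port) == (dst_ip, port):
            return p.server, p.zone
    return None  # no policy for this IP/port: nothing is forwarded

def zone_allowed(rules, src, dst, port):
    """First-match evaluation with an implicit final deny."""
    for r_src, r_dst, r_port, action in rules:
        if (r_src, r_dst) == (src, dst) and r_port in (None, port):
            return action == "allow"
    return False
```

Running `audit(POLICIES, MGMT)` flags both X1 mappings because management is still bound to 80 and 443 there; with management moved off those ports the audit comes back empty.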
Blue Street TechLast KnightCommented:
Setup a new question and I'll explain it there since this is a different question altogether!

P.S. So sorry to hear about your family emergency. I hope all is well soon!
PRNComputersAuthor Commented:
Hi, Diverseit,

Thanks for the help and good wishes, it is all greatly appreciated.

I've opened a new question titled "Redirecting Ports on SonicWALL with 2 WANs". Any help would also be greatly appreciated.
Blue Street TechLast KnightCommented:
You're welcome. Going over there now!