SonicWALL with 2 WANs

Posted on 2013-09-04
Medium Priority
Last Modified: 2013-12-02
We have a hotel client that has a TZ-100 configured to use their existing internet connection to support their internal business network (one subnet, SBS 2011) as well as their Reservations Webserver (different subnet, Windows 7). The internet connection has a static IP address which is being utilized by the Reservations Webserver for HTTP and HTTPS access. There are also firewall rules in place which allow traffic to flow between the two subnets over specific ports so the Reservations Webserver can communicate with their Property Management Software running on the SBS 2011 server.

They have now added another internet connection which they want to use for their business network and SBS 2011 Server as well as allow for OWA and Smartphone access to Exchange. The new connection also has its own static IP.

Is there a way to configure 2 WAN connections on the SonicWALL, each with their own static IP? We'd like to keep the internet traffic separated between the two subnets but keep the local traffic between the two subnets open over the currently specified ports. Also, we need to keep in mind that ports like 80 and 443 are utilized by both the Webserver and OWA (Exchange), so traffic coming in from the original internet line (Static IP 1) over port 80 needs to go to the Webserver (Subnet 1), while traffic coming in from the new internet line (Static IP 2) over port 80 needs to go to the SBS/Exchange server (Subnet 2).

Does this question make sense, and if so, is it possible? If so to both, how do I do this? Thanks so much in advance.
Question by:PRNComputers
LVL 15

Accepted Solution

ZabagaR earned 2000 total points
ID: 39465406
It sounds very do-able.

I think that TZ100 SonicWALL has ports X0 through X4 on it. Your existing internet, for example, let's say is on X0. You'd put your secondary internet connection on a free X port, say X1.

On the network tab on the SonicWALL you define whether X0 or X1 is LAN, WAN, etc. So you'd just have 2 WAN interfaces. There's nothing unusual there. You'd configure the new one just like the existing WAN/internet is configured on the SonicWALL.

I'd run the Public Server Wizard to define which internet line (say X0 and X1) hosts what services. It will make the firewall rules for you.

Click on Firewall -> Access Rules, then toward the upper right of the screen, click WIZARDS.
Pick Public Server Wizard. Pick your service or corresponding port (80 or 443) from the drop-down list. On the next screen, under the "private network" section, enter the IP of your machine on the LAN hosting the service. Next, under "server's public IP", enter the WAN address, either the X1 or X0 address, depending on where you're expecting the traffic to come from.

You can use the firewall rules to allow or prevent traffic from one zone or one interface to another.
LVL 30

Expert Comment

by:Blue Street Tech
ID: 39465822
Hi PRNComputers,

When you say different subnets are you talking about different Zones or just different subnets?

You can accomplish this through PortShield Groups and Zone Assignments.

Here is how to create a Secondary WAN connection:

Here is how to route only SMTP traffic through your Secondary WAN interface: https://www.fuzeqna.com/sonicwallkb/ext/kbdetail.aspx?kbid=5733

The Zone Assignment, PortShielding, and custom NAT policies will isolate the traffic so that ISP2 traffic coming in on port 80 will be going into SBS's zone, and the same with ISP1/Webserver.

You may want to create a DMZ for the web server and put the SBS box in the LAN. To lock down the communication between the Zones you simply create a Deny Firewall Rule on each Zone, e.g. (DMZ>LAN and LAN>DMZ), and then create additional rules to allow specific services, sources and destinations to secure communication between both Zones.

This can all be done without the additional WAN as well if you have more than 1 Static IP address provided from your ISP. Typically they give you 5 but in some cases they only provide one and in that case you can easily purchase another for around $25/mo. It's way cheaper than an additional WAN connection but if the client will pay...it's better overall bandwidth obviously.

Let me know how it goes.
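
The policy described in the two answers above, modelled as an added example (not part of the thread and not SonicWALL's configuration format): inbound NAT keyed on public IP plus port, and DMZ/LAN access rules checked in priority order. The addresses, `PMS_PORT` and all function names are constructed placeholders, and first-match evaluation is an assumption of the model.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample values (documentation address ranges); not from the thread.
WAN1_IP, WAN2_IP = "203.0.113.10", "198.51.100.20"
WEBSERVER, SBS = "192.168.20.10", "192.168.10.5"
PMS_PORT = 5000  # hypothetical placeholder for the property-management port

# Inbound NAT is keyed on (public IP, port), so 80/443 can be published once per WAN.
NAT = {(WAN1_IP, 80): WEBSERVER, (WAN1_IP, 443): WEBSERVER,
       (WAN2_IP, 80): SBS, (WAN2_IP, 443): SBS}

@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    dst_ip: Optional[str]   # None means "any"
    port: Optional[int]     # None means "any"
    action: str

# The specific allow sits above the zone-wide deny.
RULES = [Rule("DMZ", "LAN", SBS, PMS_PORT, "allow"),
         Rule("DMZ", "LAN", None, None, "deny"),
         Rule("LAN", "DMZ", None, None, "deny")]

def translate(public_ip, port):
    """Internal host for an inbound connection, or None if nothing is published."""
    return NAT.get((public_ip, port))

def covers(rule, src_zone, dst_zone, dst_ip, port):
    return ((rule.src_zone, rule.dst_zone) == (src_zone, dst_zone)
            and rule.dst_ip in (None, dst_ip) and rule.port in (None, port))

def evaluate(rules, src_zone, dst_zone, dst_ip, port):
    """First matching rule wins; no match is an implicit deny."""
    for rule in rules:
        if covers(rule, src_zone, dst_zone, dst_ip, port):
            return rule.action
    return "deny"

def shadowed_allows(rules):
    """Allow rules that can never match because an earlier deny covers them."""
    return [r for i, r in enumerate(rules) if r.action == "allow"
            and any(e.action == "deny"
                    and covers(e, r.src_zone, r.dst_zone, r.dst_ip, r.port)
                    for e in rules[:i])]
```

`shadowed_allows` is the useful audit here: if the zone-wide deny is ordered above the property-management allow, the web server silently loses its link to the SBS box.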

Author Closing Comment

ID: 39490861
So sorry for the delay. Had a bad family emergency (still going on) that's kept me away from things.

I went with the first option and I am able to get to the firewall via both WAN ports. That's exciting. However, I'm not currently able to get to OWA from outside. I guess I'll have to figure out how to redirect ports 80 and 443 for each WAN port separately. Since I left this hanging for so long, I'm going to give the points now and try to do the port thing myself. Thanks.

LVL 15

Expert Comment

ID: 39491053
Since ports 80 and 443 are by default management ports on the SonicWALL, you'd either change the management ports to something else or uncheck the management box for one of those 2 ports altogether.
LVL 30

Expert Comment

by:Blue Street Tech
ID: 39491360
Set up a new question and I'll explain it there since this is a different question altogether!

P.S. So sorry to hear about your family emergency. I hope all is well soon!

Author Comment

ID: 39491461
Hi, Diverseit,

Thanks for the help and good wishes, it is all greatly appreciated.

I've opened a new question titled "Redirecting Ports on SonicWALL with 2 WANs". Any help would also be greatly appreciated.
LVL 30

Expert Comment

by:Blue Street Tech
ID: 39491508
You're welcome. Going over there now!
