We have a hotel client that has a TZ-100 configured to use their existing internet connection to support their internal business network (one subnet, SBS 2011) as well as their Reservations Webserver (different subnet, Windows 7). The internet connection has a static IP address which is being utilized by the Reservations Webserver for HTTP and HTTPS access. There are also firewall rules in place which allow traffic to flow between the two subnets over specific ports so the Reservations Webserver can communicate with their Property Management Software running on the SBS 2011 server.
They have now added another internet connection which they want to use for their business network and SBS 2011 Server as well as allow for OWA and Smartphone access to Exchange. The new connection also has its own static IP.
Is there a way to configure 2 WAN connections on the SonicWALL, each with their own static IP? We like to keep the internet traffic separated between the two subnets but keep the local traffic between the two subnets open over the currently specified ports. Also, we need to keep in mind that ports like 80 and 443 are utilized by both the Webserver and OWA (Exchange), so traffic coming in from the original internet line (Static IP 1) over port 80 needs to go to the Webserver (Subnet 1), while traffic coming in from the new internet line (Static IP 2) over port 80 needs to go to the SBS/Exchange server (Subnet 2).
Does this question make sense, and if so, is it possible? If so to both, how do I do this? Thanks so much in advance.
When you say different subnets, are you talking about different Zones or just different subnets?
You can accomplish this through PortShield Groups and Zone Assignments.
Here is how to create a Secondary WAN connection:
https://www.fuzeqna.com/sonicwallkb/ext/kbdetail.aspx?kbid=7781
Here is how to route only SMTP traffic through your Secondary WAN interface: https://www.fuzeqna.com/sonicwallkb/ext/kbdetail.aspx?kbid=5733
The Zone Assignment, PortShielding, & custom NAT policies will isolate the traffic so that ISP2 traffic coming in on port 80 will be going into SBS's zone respectively and the same with ISP1/Webserver.
You may want to create a DMZ for the web server and put the SBS box in the LAN. To lock down the communication between the Zones you simply create a Deny Firewall Rule on each Zone e.g. (DMZ>LAN, & LAN>DMZ) and then create additional rules to allow specific services, sources & destinations to secure communication between both Zones.
This can all be done without the additional WAN as well if you have more than 1 Static IP address provided from your ISP. Typically they give you 5 but in some cases they only provide one and in that case you can easily purchase another for around $25/mo. It's way cheaper than an additional WAN connection but if the client will pay...it's better overall bandwidth obviously.
Let me know how it goes.
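The layout suggested in the answer above, modelled as an added Python example (not from the thread and not SonicWALL configuration syntax): inbound NAT policies keyed on ingress interface and public IP, plus first-match DMZ/LAN rules with a default deny. The interface names X1/X2, every IP address and the PMS port 5000 are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# All addresses, interface names and the PMS port below are constructed for illustration.
NAT_POLICIES = [  # (inbound interface, original destination, service port, translated destination)
    ("X1", "203.0.113.10", 80, "192.168.2.10"),    # ISP1 -> Reservations Webserver (DMZ)
    ("X1", "203.0.113.10", 443, "192.168.2.10"),
    ("X2", "198.51.100.20", 80, "192.168.1.10"),   # ISP2 -> SBS/Exchange (LAN)
    ("X2", "198.51.100.20", 443, "192.168.1.10"),
]
ZONES = {"LAN": ip_network("192.168.1.0/24"), "DMZ": ip_network("192.168.2.0/24")}

# Zone-to-zone access rules, evaluated top-down, first match wins.
# (from zone, to zone, source, destination, port, action); None means "any".
ACCESS_RULES = [
    ("DMZ", "LAN", "192.168.2.10", "192.168.1.10", 5000, "allow"),  # web server -> PMS
    ("DMZ", "LAN", None, None, None, "deny"),
    ("LAN", "DMZ", None, None, None, "deny"),
]

def zone_of(addr):
    """Map an address to its zone; anything outside LAN/DMZ is treated as WAN."""
    ip = ip_address(addr)
    return next((z for z, net in ZONES.items() if ip in net), "WAN")

def translate_inbound(iface, dst, port):
    """Return the internal host an inbound WAN packet is forwarded to, or None (dropped)."""
    for p_iface, p_dst, p_port, target in NAT_POLICIES:
        if (iface, dst, port) == (p_iface, p_dst, p_port):
            return target
    return None

def interzone_action(src, dst, port):
    """First-match evaluation of the zone-to-zone rules; no match means deny."""
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    for r_from, r_to, r_src, r_dst, r_port, action in ACCESS_RULES:
        if (r_from, r_to) != (src_zone, dst_zone):
            continue
        if r_src in (None, src) and r_dst in (None, dst) and r_port in (None, port):
            return action
    return "deny"

def audit():
    """List NAT policies that publish a host from the wrong ISP's interface."""
    expected = {"X1": "DMZ", "X2": "LAN"}
    return [p for p in NAT_POLICIES if zone_of(p[3]) != expected[p[0]]]
```

Running `audit()` after any rule change flags a policy that forwards ISP1 traffic into the LAN or ISP2 traffic into the DMZ.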