PRNComputers asked:

SonicWALL with 2 WANs

We have a hotel client that has a TZ-100 configured to use their existing internet connection to support their internal business network (one subnet, SBS 2011) as well as their Reservations Webserver (different subnet, Windows 7). The internet connection has a static IP address which is being utilized by the Reservations Webserver for HTTP and HTTPS access. There are also firewall rules in place which allow traffic to flow between the two subnets over specific ports so the Reservations Webserver can communicate with their Property Management Software running on the SBS 2011 server.

They have now added another internet connection which they want to use for their business network and SBS 2011 Server as well as allow for OWA and Smartphone access to Exchange. The new connection also has its own static IP.

Is there a way to configure 2 WAN connections on the SonicWALL, each with their own static IP? We'd like to keep the internet traffic separated between the two subnets but keep the local traffic between the two subnets open over the currently specified ports. Also, we need to keep in mind that ports like 80 and 443 are utilized by both the Webserver and OWA (Exchange), so traffic coming in from the original internet line (Static IP 1) over port 80 needs to go to the Webserver (Subnet 1), while traffic coming in from the new internet line (Static IP 2) over port 80 needs to go to the SBS/Exchange server (Subnet 2).

Does this question make sense, and if so, is it possible? If so to both, how do I do this? Thanks so much in advance.
Tags: Microsoft Server OS, Hardware Firewalls, SBS

Last comment: Blue Street Tech, 8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
ZabagaR

Blue Street Tech

Hi PRNComputers,

When you say different subnets are you talking about different Zones or just different subnets?

You can accomplish this through PortShield Groups and Zone Assignments.

Here is how to create a Secondary WAN connection:
https://www.fuzeqna.com/sonicwallkb/ext/kbdetail.aspx?kbid=7781

Here is how to route only SMTP traffic through your Secondary WAN interface: https://www.fuzeqna.com/sonicwallkb/ext/kbdetail.aspx?kbid=5733

The Zone Assignment, PortShielding, & custom NAT policies will isolate the traffic so that ISP2 traffic coming in on port 80 will be going into SBS's zone respectively and the same with ISP1/Webserver.

You may want to create a DMZ for the web server and put the SBS box in the LAN. To lock down the communication between the Zones you simply create a Deny Firewall Rule on each Zone, e.g. (DMZ>LAN, & LAN>DMZ), and then create additional rules to allow specific services, sources & destinations to secure communication between both Zones.

This can all be done without the additional WAN as well if you have more than 1 Static IP address provided from your ISP. Typically they give you 5 but in some cases they only provide one and in that case you can easily purchase another for around $25/mo. It's way cheaper than an additional WAN connection but if the client will pay...it's better overall bandwidth obviously.

Let me know how it goes.
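The layout described in the post above, modelled as an added example (not part of the thread and not SonicWALL configuration syntax): per-WAN inbound NAT for ports 80/443, deny-by-default rules between the DMZ and LAN zones with one specific allow, and a check for an allow rule that a misplaced deny makes unreachable. The addresses, interface names, `PMS_PORT` and the first-match rule ordering are assumptions for illustration.

```python
# Constructed model, not SonicWALL syntax. Addresses, interface names and
# PMS_PORT are assumptions; the thread only says "specific ports".
from ipaddress import ip_address, ip_network

ZONES = {"DMZ": ip_network("192.168.20.0/24"),  # Reservations web server
         "LAN": ip_network("192.168.10.0/24")}  # SBS 2011 / Exchange
WEB, SBS, PMS_PORT = "192.168.20.5", "192.168.10.2", 5000

# Inbound NAT keyed on (ingress interface, public IP, port) -> private host.
NAT = {("WAN1", "203.0.113.10", p): WEB for p in (80, 443)}
NAT.update({("WAN2", "198.51.100.20", p): SBS for p in (80, 443)})

# Zone rules (from, to, source, destination, port, action); None means any.
# Evaluated top down, first match wins, so the allow sits above the deny.
RULES = [
    ("DMZ", "LAN", WEB, SBS, PMS_PORT, "allow"),
    ("DMZ", "LAN", None, None, None, "deny"),
    ("LAN", "DMZ", None, None, None, "deny"),
]

def zone_of(addr):
    a = ip_address(addr)
    return next((z for z, net in ZONES.items() if a in net), "WAN")

def inbound(iface, public_ip, port):
    """Private host a WAN packet is forwarded to, or None if it is dropped."""
    return NAT.get((iface, public_ip, port))

def interzone(src, dst, port, rules=RULES):
    """First-match evaluation of the zone-to-zone rules; default is deny."""
    pair = (zone_of(src), zone_of(dst))
    for r in rules:
        if r[:2] == pair and r[2] in (None, src) and r[3] in (None, dst) \
                and r[4] in (None, port):
            return r[5]
    return "deny"

def shadowed(rules):
    """Allow rules that can never match because a deny-any sits above them."""
    blocked, dead = set(), []
    for r in rules:
        if r[5] == "deny" and r[2:5] == (None, None, None):
            blocked.add(r[:2])
        elif r[5] == "allow" and r[:2] in blocked:
            dead.append(r)
    return dead
```
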
ASKER
PRNComputers

So sorry for the delay. Had a bad family emergency (still going on) that's kept me away from things.

I went with the first option and I am able to get to the firewall via both WAN ports. That's exciting. However, I'm not currently able to get to OWA from outside. I guess I'll have to figure out how to redirect ports 80 and 443 for each WAN port separately. Since I left this hanging for so long, I'm going to give the points now and try to do the port thing myself. Thanks.
ZabagaR

Since ports 80 and 443 are by default management ports on the SonicWALL, you'd either change the management ports to something else or uncheck the management box for one of those 2 ports altogether.
Blue Street Tech

Set up a new question and I'll explain it there since this is a different question altogether!

P.S. So sorry to hear about your family emergency. I hope all is well soon!
ASKER
PRNComputers

Hi, Diverseit,

Thanks for the help and good wishes, it is all greatly appreciated.

I've opened a new question titled "Redirecting Ports on SonicWALL with 2 WANs". Any help would also be greatly appreciated.
Blue Street Tech

You're welcome. Going over there now!