[Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Configure secondary block of public IPs on Sonicwall NSA 3500

Posted on 2014-04-28
6
Medium Priority
?
1,295 Views
Last Modified: 2014-05-03
I have a Sonicwall NSA 3500 firewall. I have a primary block of public IP addresses that are working fine but I need to utilize a second block of IPs that are routing over the primary from the telco side. Does anyone know how to configure this on a sonic wall? I am not finding much info on it. I have done the NATing and firewall rules etc but I don't see a place to configure the gateway on the firewall for the 2nd block of IPs.
0
Comment
Question by:DaveKall42
  • 3
  • 3
6 Comments
 
LVL 4

Expert Comment

by:Sam Sawalhi
ID: 40028106
Hi,

Is this for a second internet connection? can you please provide more information?
what are you trying to accomplish.

Thank you
Sam
0
 

Author Comment

by:DaveKall42
ID: 40028115
No this is on the primary connection.  There is a secondary set up IP addresses that have been provided by the telco provider that route over the first set.
0
 
LVL 4

Expert Comment

by:Sam Sawalhi
ID: 40028202
To help me better assist you with your question.
Here what I'm gathering from your question. You have a SonicWall NSA 3500 (which is currently up and running with one public IP address that was provided to you from your ISP. Correct?
but you were also provided with additional IP addresses that you would like to configure in your SonicWall.

The additional IP addresses are/will they be pointing to any network devices, Servers or any device with an IP address? if your answer is no then there is nothing you will need to configure, but if do have IP devices behind the SonicWall then this is relatively straightforward. There are essentially two parts required. First, a NAT rule providing address translation, and a firewall access rule, permitting traffic to cross zones.

For the NAT piece, create a rule that keeps the originating IP intact, but translates from your external static IP, to your internal DMZ, and does so for whatever specific service (TCP/IP port) you wish to translate. I would also recommend making a second rule for ICMP traffic, so you can ping the server from the outside world.

    Original Source: Any
    Translated Source: Original
    Original Service:
    Translated Service: Original.
    Original Destination: External IP address object
    Translated Destination: Internal DMZ IP address

Next, you need to enable that service in the firewall. You'll also want a second rule for ICMP traffic, so those pings work. These two rules will be created the From WAN to DMZ. (Or whatever zone you have your server in)

    Source: Any
    Destination: External IP address object.
    Service:
    Action: Allow
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 

Accepted Solution

by:
DaveKall42 earned 0 total points
ID: 40028212
No, actually the first set of IP addresses is working fine.  We have a 2nd set of IPs in a different subnet that are routing over the primary set of IPs.  I actually just fixed the issue as I had to add a static arp entry and a routing entry for the 2nd set of IPs and that fixed the issue.  Thanks for your assistance though.  :)
0
 
LVL 4

Expert Comment

by:Sam Sawalhi
ID: 40028220
I'm glad you did...Cheers!

Thank you,
Sam
0
 

Author Closing Comment

by:DaveKall42
ID: 40039048
I was able to find a solution to the issue and it was what I put in the comment field.
0

Featured Post

New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you’re involved with your company’s wide area network (WAN), you’ve probably heard about SD-WANs. They’re the “boy wonder” of networking, ostensibly allowing companies to replace expensive MPLS lines with low-cost Internet access. But, are they …
In this article, the configuration steps in Zabbix to monitor devices via SNMP will be discussed with some real examples on Cisco Router/Switch, Catalyst Switch, NAS Synology device.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…

868 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question