Solved

Configure secondary block of public IPs on Sonicwall NSA 3500

Posted on 2014-04-28
6
1,262 Views
Last Modified: 2014-05-03
I have a Sonicwall NSA 3500 firewall. I have a primary block of public IP addresses that are working fine but I need to utilize a second block of IPs that are routing over the primary from the telco side. Does anyone know how to configure this on a sonic wall? I am not finding much info on it. I have done the NATing and firewall rules etc but I don't see a place to configure the gateway on the firewall for the 2nd block of IPs.
0
Comment
Question by:DaveKall42
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 4

Expert Comment

by:wsawalhi
ID: 40028106
Hi,

Is this for a second internet connection? can you please provide more information?
what are you trying to accomplish.

Thank you
Sam
0
 

Author Comment

by:DaveKall42
ID: 40028115
No this is on the primary connection.  There is a secondary set up IP addresses that have been provided by the telco provider that route over the first set.
0
 
LVL 4

Expert Comment

by:wsawalhi
ID: 40028202
To help me better assist you with your question.
Here what I'm gathering from your question. You have a SonicWall NSA 3500 (which is currently up and running with one public IP address that was provided to you from your ISP. Correct?
but you were also provided with additional IP addresses that you would like to configure in your SonicWall.

The additional IP addresses are/will they be pointing to any network devices, Servers or any device with an IP address? if your answer is no then there is nothing you will need to configure, but if do have IP devices behind the SonicWall then this is relatively straightforward. There are essentially two parts required. First, a NAT rule providing address translation, and a firewall access rule, permitting traffic to cross zones.

For the NAT piece, create a rule that keeps the originating IP intact, but translates from your external static IP, to your internal DMZ, and does so for whatever specific service (TCP/IP port) you wish to translate. I would also recommend making a second rule for ICMP traffic, so you can ping the server from the outside world.

    Original Source: Any
    Translated Source: Original
    Original Service:
    Translated Service: Original.
    Original Destination: External IP address object
    Translated Destination: Internal DMZ IP address

Next, you need to enable that service in the firewall. You'll also want a second rule for ICMP traffic, so those pings work. These two rules will be created the From WAN to DMZ. (Or whatever zone you have your server in)

    Source: Any
    Destination: External IP address object.
    Service:
    Action: Allow
0
Secure Your WordPress Site: 5 Essential Approaches

WordPress is the web's most popular CMS, but its dominance also makes it a target for attackers. Our eBook will show you how to:

Prevent costly exploits of core and plugin vulnerabilities
Repel automated attacks
Lock down your dashboard, secure your code, and protect your users

 

Accepted Solution

by:
DaveKall42 earned 0 total points
ID: 40028212
No, actually the first set of IP addresses is working fine.  We have a 2nd set of IPs in a different subnet that are routing over the primary set of IPs.  I actually just fixed the issue as I had to add a static arp entry and a routing entry for the 2nd set of IPs and that fixed the issue.  Thanks for your assistance though.  :)
0
 
LVL 4

Expert Comment

by:wsawalhi
ID: 40028220
I'm glad you did...Cheers!

Thank you,
Sam
0
 

Author Closing Comment

by:DaveKall42
ID: 40039048
I was able to find a solution to the issue and it was what I put in the comment field.
0

Featured Post

Save the day with this special offer from ATEN!

Save 30% on the CV211 using promo code EXPERTS30 now through April 30th. The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question