engineer2050
asked on
Sonicwall NSA 3600 transparent DMZ to LAN/WAN NAT and rules
Hello- We are migrating from a Sonicwall 3060 to an NSA 3600. We have 3 interfaces set up- X0 LAN, X1 WAN and X3 transparent DMZ. We have used the Server wizard to automatically create address objects, service objects and access rules, as well as NAT policies, for each server. All our servers are on the same subnet as the WAN interface. We have two questions:
1) The server wizard requires a public and private IP address. But since our servers are on the transparent DMZ, not on the LAN, we have entered the same public address for both fields in the wizard. The wizard completed successfully and gave no errors. Will this work when we bring the system online?
2) Some of the DMZ servers require a few services to be blocked from WAN access, but allowed from LAN access. We are not sure how to do this. If we use the wizard to create new access rules, NAT policies, etc it binds the access rules to the WAN/DMZ, so we cannot modify the Source field in the access rules, since it doesn't apply to the LAN. We are trying to avoid creating this manually since frankly we are not sure how the NAT policies work, and would rather let the wizard create them automatically.
Any help would be appreciated. This is for an educational organization with about 200 users.
1) The server wizard requires a public and private IP address. But since our servers are on the transparent DMZ, not on the LAN, we have entered the same public address for both fields in the wizard. The wizard completed successfully and gave no errors. Will this work when we bring the system online?
2) Some of the DMZ servers require a few services to be blocked from WAN access, but allowed from LAN access. We are not sure how to do this. If we use the wizard to create new access rules, NAT policies, etc it binds the access rules to the WAN/DMZ, so we cannot modify the Source field in the access rules, since it doesn't apply to the LAN. We are trying to avoid creating this manually since frankly we are not sure how the NAT policies work, and would rather let the wizard create them automatically.
Any help would be appreciated. This is for an educational organization with about 200 users.
Carl Dula
If you are trying to duplicate the settings of the 3060 in the new 3600, why not simply export them and import on the new device?
ASKER
Good advice- but will that work? The Sonic O/S version and whole setup are so different on the 2 units.
Yes it should. Take a look at:
https://support.software.dell.com/download/downloads?id=5473488
This talks about from 5.9 to 6.1, but the procedure is the same for older versions.
https://support.software.dell.com/download/downloads?id=5473488
This talks about from 5.9 to 6.1, but the procedure is the same for older versions.
ASKER
Our older Sonic is a PRO3060 with SonicOS Standard 3.1.6.3-4s, quite old. And Standard is quite different from Sonic Enhanced.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.