Adding ISP router/modem to SonicWALL interface

I currently have a SonicWALL TZ 200 configured with WAN connections on 2 interfaces. I recently purchased a HughesNET satellite connection and I want hook this up to the SonicWALL (And add it to the failover/load balancing). However, once I received the Modem from HughesNET (HT2000) I learned that it does not have a "Bridge" mode built into the router. I cannot disrupt my current Subnet (needs to stay the same). Does anyone know if there a way to configure the interface for the modem/router combo into the SonicWALL so it will work properly?

Thanks in advance.
LVL 1
filtrationproductsAsked:
Who is Participating?
 
Blue Street TechLast KnightCommented:
That is not NAT though, take 192.168.1.100 and handing out 192.168.1.0 - there is no need for translation they are in the same network.

You can change the private IP address from 192.168.<changeable_octet>.<changeable_octet>. So instead of 192.168.1.101 with a subnet mask of 255.255.255.0 you could change them to 192.168.20.1 with a subnet mask of 255.255.255.248. That would in turn automatically change the IP Pool below it to 192.168.20.2-192.168.20.6. See image below. Please take screenshots of the Firewall, LAN DHCP, NAT & the Routing sections. See below:Highes RouterAlso, if this is not in some sort of Bridge Mode you shouldn't be able to configure the Public GW and if you can then you should be able to configure an Public IP address too since it is not NAT'ing. Also routing port 80 by itself will not be enough to actually use this WAN as a normal functioning ingress. You need to forward all services and all ports, then handle what gets opened in the SonicWALL. See if you can turn off DHCP on the Router.

The SonicWALL X4 should be like this in a double NAT scenario:
Zone: WAN
IP Assignment: Static
IP Address: 192.168.20.2
Subnet Mask: 255.255.255.248
Default Gateway: 192.168.20.1
DNS Server 1: 8.8.8.8
DNS Server 1: 8.8.4.4
Also, remember to lock-down that Ping to Authorized Sources as a security Best Practice in the Access Rules section under WAN>WAN.

This is an invalid configuration for the WAN Interface by assigning a Public IP for the Gateway and and Private IP for the IP address. See below:SonicWALL X4 Interface
0
 
Blue Street TechLast KnightCommented:
Hi filtrationproducts,

So to clarify, the Hughes net will be your 2nd or 3rd WAN connection?

Regardless, this is totally possible. Just port forward all traffic to the SonicWALL, disable all security services, and use its handed out IP as your gateway info for the SonicWALL interface (X2 or whichever you have it plugged into).

You mentioned you can't change you're subnet... is it handing out a conflicting one? If so, you should be able to modify it once you login to it and change the internal IP address and DHCP scope.

Let me know if you have any questions!
0
 
filtrationproductsAuthor Commented:
I configured the Hughesnet modem, however I am still having difficulties (no link on interface). I am wondering if I just have a setting incorrect.
Hughesnet Router:
Ip: 192.168.1.101
DHCP 192.168.1.102-106
Configured NAT for all the ports I need to go to the SonicWALL (192.168.1.1)

I configured the interface on the SonicWALL for the Hughesnet modem
WAN / STATIC
IP = 192.168.1.101
Mask = 255.255.255.0
Gateway = 72.170.244.248 (public facing IP on modem)
DNS = 192.168.1.101
DNS2 = 8.8.8.8

Or do I need to configure this as a LAN port? And would the IP subnet need to be different? (If so NAT forwarding would not work. Since you can only change the last number of the IP)
0
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

 
masnrockCommented:
There's your issue: The Sonicwall port is configured incorrectly. You created an IP address conflict between the Sonicwall WAN port and the Hughesnet router. The WAN port's IP should be in the same subnet as the Hughes router, but not have the exact same IP address. However, the router's LAN IP would be the default gateway.

Here's a sample of how it could be configured.

IP = 192.168.1.100 (or any other non-DHCP address)
Mask = 255.255.255.0
Gateway = 192.168.1.101
DNS = 192.168.1.101 (or any other preferred outside DNS server)
DNS2 = 8.8.8.8

Please tell me that you made sure that the Sonicwall isn't also using 192.168.1.x ... if it is, then you need to change that on the Hughesnet.

And would the IP subnet need to be different?
Have you looked under Advanced > LAN? You should be able to make an adjustment there.
1
 
filtrationproductsAuthor Commented:
The sonicwall will not allow me to change the "IP Address" field on the Hughes Interface to an 192.168.1.X address. It will appear to save, but will default back to the old value. It does however show that the link is up now with the following settings. I have the Hughes router programmed to forward, for example traffic on port 80 to the SonicWALL IP, yet I am still unable to access the internal web server from an external network. Any thoughts?

IP = (Public IP on Hughes router)
Mask = 255.255.255.0
Gateway = 192.168.1.101 (Hughes Router Internal IP)
DNS = 192.168.1.101
DNS2 = 8.8.8.8
0
 
masnrockCommented:
Could you please show screenshots?
0
 
Blue Street TechLast KnightCommented:
Reconfigure your WAN Interface entirely. What is the IP Assignment for your WAN...it should be set to Static or DHCP, whichever you prefer. Static will provide you with more control over IP and DNS info.

If the Modem/Router is not set to Bridge Mode but rather Router Mode then the SonicWALL must have the internal or NAT'ed IP address from the Router. If it can be put in Bridge or Transparent Mode then your initial configuration would have been correct to use the Public IP/Gateway in the SonicWALL since all the traffic is simply just being translated by the Modem and passed through.
0
 
filtrationproductsAuthor Commented:
I am assigning static info to the interface. Please see attached screenshots. I am unable to assign the IP Address field on the Sonicwall Interface to a 192.168.1.X number. It simply reverts to the old number (100.77.0.1) when I click save. The IP I am attempting to change it to is unused, and not part of the DHCP scope.
HUGHES-CONFIG.JPG
Sonicwall-Interface.JPG
0
 
masnrockCommented:
What is the LAN IP of the Sonicwall?

Also on the Hughes router, you should be able to change the octets in the screenshot you showed. That should fix that issue at least.
0
 
filtrationproductsAuthor Commented:
Lan IP of the SonicWALL is 192.168.1.1. I have configured NAT traffic on the Hughes to point to 192.168.1.1. but I am not sure what you mean when you say change the octets on the Hughes router?
0
 
masnrockCommented:
With your setup, both devices cannot have 192.168.1.x addresses. This is why you're having issues with the WAN interface configuration.

You said specifically that you needed the LAN addresses for the Sonicwall to remain the same. Look at the screenshot you provided for the Hughes router. Are you able to edit the fields for the LAN address so that is ends up saying 192.168.10.1?

If that works, then go to the WAN interface on the Sonicwall and change the IP to a 192.168.10.x address, then also update the default gateway to the address of the Hughes.
0
 
filtrationproductsAuthor Commented:
I can certainly do that, but then my NAT will only be allowed to point 192.168.10.X addresses and I need to forward NAT traffic to the 192.168.1.X network where my servers reside.

I am beginning to believe this just isn't possible without bridge mode.
0
 
masnrockCommented:
The whole problem revolves around the fact that Hughes doesn't offer devices where you can at least get into bridge mode, which would force you into a double NAT situation in order to be able to use your firewall for what you want to do.

Unless Hughes is willing to help you.....
0
 
filtrationproductsAuthor Commented:
Due to the limitations of the Hughes NET router, it is not possible to configure with any additional routers. I verified this with a HughesNET engineer. They did however inform me that they will be releasing a new modem in the next year that has bridge mode.
0
 
Blue Street TechLast KnightCommented:
I assume you asked them if they could provide a modem or Ethernet ready hand-off instead of a router? In any case, even if the Router will not Bridge you should be able to configure its corresponding WAN Interface in the SonicWALL and just use the NAT'd address (you can set this address to be anything privately as long as it doesn't conflict with any other private address in your network). You will have double NAT but other than porting everything through to the SonicWALL there is not much left in terms of what you can configure.
0
 
filtrationproductsAuthor Commented:
They do not have a "modem only" version.

And the router does not allow you to forward traffic to a separate subnet. So if I set the HughesNET on a seperate subnet as the Sonicwall, there is no possible way to NAT the traffic to the sonicwall.
0
 
Blue Street TechLast KnightCommented:
Sure, you can take 192.168.X.0 and NAT it to 10.X.X.0 (or whatever), its called private to private NAT!

What about an Ethernet-ready hand-off?
0
 
filtrationproductsAuthor Commented:
If the Hughenet router has an IP address of 192.168.1.100, you are forced to NAT to the 192.168.1.X Sub net. There are no other options on this router.

No Ethernet ready hand off either.
0
 
masnrockCommented:
And the router does not allow you to forward traffic to a separate subnet. So if I set the HughesNET on a seperate subnet as the Sonicwall, there is no possible way to NAT the traffic to the sonicwall.
This gets back to the double NAT bit that was discussed at the beginning.

Now, you would have 2 choices: 1) Wait for Hughes, or 2) Get a different provider. I'm not sure where you're located, but there might be another fixed wireless internet provider in your area.
0
 
filtrationproductsAuthor Commented:
I was configuring it wrong as I was trying to port forward to 192.168.1.1 from the hughes, instead of the WAN interface IP (192.168.20.1). This makes sense now. Thank you.
1
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.