• Status: Solved

Private subnet?

My network is as follows:

Comcast 10.1.10.1

Sonic Wall - 10.1.10.2 (gateway 192.168.1.1)


Just double checking, I want the SonicWALL subnet to be private. I am a little concerned because when I am on a workstation behind the SonicWALL I can ping the Comcast gateway, and navigate to the admin portal.

However, when I am directly plugged into the Comcast gateway I cannot ping the 1.1 gateway subnet. So the SonicWALL subnet is not visible to the main Comcast network. Is my network set up and secured as intended?
0
Asked by: tike55

2 Solutions
 
Blue Street Tech (Last Knight) commented:
Hi Tike55,

"I am a little concerned because when I am on a workstation behind the SonicWALL I can ping the Comcast gateway, and navigate to the admin portal..."
That is because you are on the same network as the Modem/Router. Put the Modem/Router in Bridge Mode aka Transparent Mode. That way NAT will occur on the SonicWALL only (eliminating double NAT)! Once you have put the Modem/Router in Bridge Mode you will use the Public IP & Gateway to configure the WAN interface on the SonicWALL. Then your private network 192.168.1.0 will exist from the SonicWALL downstream.

"However, when I am directly plugged into the Comcast gateway I cannot ping the 1.1 gateway subnet."
This is because your configuration is set up to double NAT. The Comcast is NAT'ing, which is why you are using a private IP network (10.0.10.1) on your SonicWALL for WAN1 (X1). Then your SonicWALL is NAT'ing again, which is why you are using another private network (192.168.1.1) on your LAN (X0).

"Is my network set up and secured as intended?"
It would be more ideal to Bridge the Comcast but some Modem/Routers do not Bridge. In terms of security, make sure your Access Rules for WAN > LAN & WAN > to all other Zones are in Any, Any, All, Discard or Deny. That is your basic protection.

Make sense? Let me know if you have any other questions!
0
 
masnrock commented:
There isn't necessarily a security issue (more detail at the end of this post). As Blue already cited, what you have going on is double NAT. With your current setup, devices behind the SonicWALL will be able to see devices that are behind only the Comcast modem, but not vice versa. So to answer whether the network is "private," to use your words, the answer is yes.

Now, if you received static IP addresses from Comcast, you should configure one of those directly into the SonicWALL WAN interface instead. That eliminates the double NAT, plus you won't be able to access the Comcast modem's interface from behind the SonicWALL using 10.1.10.1. (You would have to either connect directly to the modem or configure it to allow remote administration, the latter I would never recommend.)

So at the end of the day, there isn't anything necessarily wrong with your setup, it just comes down to what you intend. But if you are going to keep the existing setup, change the password on the Comcast modem so that someone who is a bit savvy can't tinker around and possibly mess things up!
0
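
The one-way visibility described in the two answers above, as an added example that is not part of the original thread: a simplified Python model of the two-router layout that reports whether a new connection can be opened in each direction and why. The addresses come from the question; the /24 masks, the sample host addresses and the two flags (`comcast_static_route`, `wan_to_lan_allow`) are assumptions.

```python
import ipaddress

# Simplified model of the thread's layout. Addresses are from the question;
# the /24 masks, sample hosts and both flags are assumptions.
COMCAST_LAN = ipaddress.ip_network("10.1.10.0/24")   # Comcast gateway 10.1.10.1
SONIC_LAN = ipaddress.ip_network("192.168.1.0/24")   # SonicWALL X0, 192.168.1.1
SONIC_WAN = ipaddress.ip_address("10.1.10.2")        # SonicWALL X1


def is_double_nat(firewall_wan_ip):
    """A private WAN address on the firewall means an upstream device NATs too."""
    return ipaddress.ip_address(firewall_wan_ip).is_private


def can_initiate(src, dst, comcast_static_route=False, wan_to_lan_allow=False):
    """Return (reachable, reason) for a NEW connection from src to dst."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src in SONIC_LAN:
        if dst in SONIC_LAN:
            return True, "same LAN"
        if dst in COMCAST_LAN:
            # X1 is directly connected to 10.1.10.0/24; the flow is source-NATed
            # to 10.1.10.2, so the target replies to an address it knows.
            return True, f"LAN>WAN, source NAT to {SONIC_WAN}"
        return True, "NAT at SonicWALL, then again at Comcast (double NAT)"
    if src in COMCAST_LAN:
        if dst in SONIC_LAN:
            if not comcast_static_route:
                return False, "Comcast gateway has no route to 192.168.1.0/24"
            if not wan_to_lan_allow:
                return False, "dropped by the SonicWALL WAN>LAN deny rule"
            return True, "exposed: upstream route plus a WAN>LAN allow rule"
        return True, "same LAN or single NAT at Comcast"
    return False, "source is outside the modelled networks"


if __name__ == "__main__":
    print("double NAT:", is_double_nat(str(SONIC_WAN)))
    flows = [("192.168.1.50", "10.1.10.1", {}),
             ("10.1.10.50", "192.168.1.50", {}),
             ("10.1.10.50", "192.168.1.50", {"comcast_static_route": True}),
             ("10.1.10.50", "192.168.1.50",
              {"comcast_static_route": True, "wan_to_lan_allow": True})]
    for src, dst, opts in flows:
        print(src, "->", dst, opts, can_initiate(src, dst, **opts))
```

The last two flows show why the WAN > LAN deny rule matters even with double NAT in place: the missing upstream route hides the inner subnet, but only the access rule still blocks it once such a route exists.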
 
Blue Street Tech (Last Knight) commented:
Hi Tike55,

Do you have any questions with what I posted? I believe I answered all of yours. :)
0
 
Blue Street Tech (Last Knight) commented:
Glad I could help...thanks for the points!
0
Question has a verified solution.
