Private subnet?

My network is as follows:

Comcast 10.1.10.1

Sonic Wall - 10.1.10.2 (gateway 192.168.1.1)


Just double checking, I want the SonicWALL subnet to be private.  I am a little concerned because when I am on a workstation behind the sonic wall I can ping the Comcast gateway, and navigate to the admin portal.

However, when I am directly plugged into the Comcast gateway I cannot ping the 1.1 gateway subnet.  So the SonicWALL subnet is not visible to the main Comcast network.  Is my network set up and secured as intended?

Asked by: tike55

Blue Street Tech (Last Knight) commented:
Hi Tike55,

"I am a little concerned because when I am on a workstation behind the sonic wall I can ping the Comcast gateway, and navigate to the admin portal..."
That is because you are on the same network as the Modem/Router. Put the Modem/Router in Bridge Mode aka Transparent Mode. That way NAT will occur on the SonicWALL only (eliminating double NAT)! Once you have put the Modem/Router in Bridge Mode you will use the Public IP & Gateway to configure the WAN interface on the SonicWALL. Then your private network 192.168.1.0 will exist from the SonicWALL downstream.

"However, when I am directly plugged into the Comcast gateway I cannot ping the 1.1 gateway subnet."
This is because your configuration is set up to double NAT. The Comcast is NAT'ing, which is why you are using a private IP network (10.0.10.1) on your SonicWALL for WAN1 (X1). Then your SonicWALL is NAT'ing again which is why you are using another private network (192.168.1.1) on your LAN (X0).

"Is my network setup and secured as intended?"
It would be more ideal to Bridge the Comcast but some Modem/Routers do not Bridge. In terms of security, make sure your Access Rules for WAN > LAN & WAN > to all other Zones are in Any, Any, All, Discard or Deny. That is your basic protection.

Make sense? Let me know if you have any other questions!

masnrock commented:
There isn't necessarily a security issue (more detail at the end of this post). As Blue already cited, what you have going on is double NAT. With your current setup, devices behind the Sonicwall will be able to see devices that are behind only the Comcast modem, but not vice versa. So to answer whether the network is "private", to use your words, the answer is yes.

Now, if you received static IP addresses from Comcast, you should configure one of those directly into the Sonicwall WAN interface instead. That eliminates the double NAT, plus you won't be able to access the Comcast modem's interface from behind the Sonicwall using 10.1.10.1. (You would have to either connect directly to the modem or configure it to allow remote administration, the latter I would never recommend.)

So at the end of the day, there isn't anything necessarily wrong with your setup, it just comes down to what you intend. But if you are going to keep the existing setup, change the password on the Comcast modem so that someone who is a bit savvy can't tinker around and possibly mess things up!
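
The asymmetry described in the two answers above (a workstation behind the SonicWALL reaches 10.1.10.1, a host plugged into the Comcast gateway cannot reach 192.168.1.1), as an added example that is not part of either answer: a small Python model that traces a new connection outward through both NAT layers. The /24 masks, the host addresses 192.168.1.50 and 10.1.10.50, and the documentation addresses 203.0.113.10 and 198.51.100.7 are assumptions; return traffic and firewall access rules are not modelled.

```python
import ipaddress

# Topology from the question. Masks, host IPs and the public IP are assumed for illustration.
SEGMENTS = [  # ordered inside -> outside: (gateway name, LAN subnet, gateway WAN-side address)
    ("SonicWALL", ipaddress.ip_network("192.168.1.0/24"), ipaddress.ip_address("10.1.10.2")),
    ("Comcast", ipaddress.ip_network("10.1.10.0/24"), ipaddress.ip_address("203.0.113.10")),
]
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def trace(src, dst):
    """Follow one new connection from src to dst through the NAT chain.

    Returns (delivered, source address the destination sees, hop log).
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    hops = []
    # Find the segment the sender is plugged into.
    start = next((i for i, (_, lan, _) in enumerate(SEGMENTS) if src in lan), None)
    if start is None:
        raise ValueError(f"{src} is not on a modelled segment")
    for name, lan, wan_ip in SEGMENTS[start:]:
        if dst in lan:
            hops.append(f"delivered on {lan} with source {src}")
            return True, str(src), hops
        # Not local: the segment's gateway forwards it and rewrites the source address.
        hops.append(f"{name} NAT: {src} -> {wan_ip}")
        src = wan_ip
    # Past the outermost gateway, private (RFC 1918) destinations have no route.
    if any(dst in net for net in RFC1918):
        hops.append(f"dropped: no route to private address {dst} beyond the outer gateway")
        return False, None, hops
    hops.append(f"delivered to {dst} with source {src}")
    return True, str(src), hops


if __name__ == "__main__":
    cases = [("192.168.1.50", "10.1.10.1"),    # inside host -> Comcast gateway
             ("10.1.10.50", "192.168.1.1"),    # Comcast-side host -> SonicWALL LAN
             ("192.168.1.50", "198.51.100.7")]  # inside host -> internet (double NAT)
    for s, d in cases:
        ok, seen, hops = trace(s, d)
        print(f"{s} -> {d}: {'reachable' if ok else 'unreachable'}")
        for hop in hops:
            print("    " + hop)
```

The Comcast gateway sees the first connection as coming from 10.1.10.2, so anything it permits to hosts on its own LAN, including its admin portal, is permitted to every workstation behind the SonicWALL.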

Blue Street Tech (Last Knight) commented:
Hi Tike55,

Do you have any questions with what I posted? I believe I answered all of yours. :)

Blue Street Tech (Last Knight) commented:
Glad I could help...thanks for the points!