YaYangTeah

Public LAN IP

Recently we received a project, and we found that it has an unusual network setup because the router given is a TP-Link AC1200. Usually we use an MSR930 or Cisco router as the WAN router so that we can use the public LAN IP given by the ISP in our network (Scenario 1).
To overcome this issue, we are connecting the ONT to our firewall WAN port directly, and now we are thinking about how to use the public LAN IP for our devices. Someone said we can create a VLAN or a secondary IP, but I don't have any experience with this setup.
I hope that some expert can advise which is the correct option and how to set it up on our SonicWALL TZ600. Thanks.
Case-Study.pdf
arnold

Please clarify your need in as much detail as you can on what you are trying to achieve (a diagram would be helpful).

Presumably you are provided a /30 WAN-side IP block to set up the link to the provider, with a public IP block of a /29, /28, /27 etc. for the VLAN side.

One option: you can use one of your unused SonicWall ports to have an IP on the provider LAN side that will be used by a LAN system to which you want to assign a public IP.

Commonly, LAN systems sit behind a NAT using private LAN IPs; the firewall rules can then be set up to allow access on a public IP to be forwarded to the LAN system for the service.


The VLAN requires that your switches are managed.
The switch is set up with VLANs.
The SonicWall is configured with a trunk feed to the switch that passes all traffic.
The port to which you connect the specific device would be tagged, marked as being part of a specific VLAN that differs from others.
One option: on the 2960, it gets two feeds, one from the 1900 router and one from the SonicWall.
Not sure why you are not going straight from the ONT into the SonicWall.
Placing a switch (managed or unmanaged) between the 1900 and the SonicWall will allow devices to have a public IP, but they will not be shielded by the SonicWall and will be directly exposed to the outside.


If you are dealing with a cloud-based VoIP PBX, disabling the sip_alg on the SonicWall will help avoid VoIP calls.
YaYangTeah

ASKER

If we plug the ONT directly into the SonicWall FW WAN port, how do we use the public address, e.g. static NAT from private IP to public IP? For my FW LAN port, what should I configure?
noci

Do you really need 8 public IPs on the DL-380?

You can set up 1:1 NAT (=Full Cone NAT) by translating all IP addresses to the private addresses used on the DL-380...
You can just forward (routing forward, not port forward) the traffic (which would mean forwarding those 8 addresses from WAN -> LAN with the IP of the DL-380 as the gateway for that route).
The DL-380 will need to listen for those addresses, though. Esp. for outgoing traffic, there is a need for applications to bind to the right addresses.
(Or you run VMs on the DL-380.)

No, my public addresses need to be used for different devices: one public address needs to be used for SNAT for the WiFi zone, and another public address for the DMZ zone.

In that case all NAT etc. should be on the SonicWall.
Either 1:1 NAT to a device behind it, or port forwarding for specific address/port combinations to the backend device concerned.

We completed the project two weeks ago; the router given by the ISP is configured with dual LAN IP addresses. We managed to configure public addresses for all the devices.

I think the correct solution is to configure a secondary LAN IP on the ISP router; my problem is solved.