TZ400 new ISP with WAN IP and Public LAN IPs
My new ISP has handed me 2 sets of public IP addresses and said: configure your firewall. When I add the WAN IP to the WAN interface, internet traffic routes fine. There is a set of Public LAN IPs (routable) and they are supposed to be on the TZ400 as well as the "usable" public IPs. However, if I put them on the WAN interface, no traffic routes.
Does anyone know how to configure the TZ400 to support both sets of IPs? Maybe it's a sub-interface? I'm out of my depth here, and support sent me a link to a NAT policy page, but that's not exactly what I need.
Any assistance is greatly appreciated. Here's an example of what they gave me (ISP) and what I have (example).
X0 = LAN = 192.168.1.x/24 subnet
X1 = WAN IP from ISP = 1.1.1.1/30
Public LAN IPs from ISP = 2.2.2.2/29 - not sure how to use these, which interface to put them on, or whether I need a switch from the ISP handoff to go to multiple ports on the SonicWall?
Best Answer
TKWITS Community Legend ✭✭✭✭✭
ISPs describing these as 'Public LAN' IPs are just causing people confusion. What your ISP is giving you are extra publicly routable WAN IPs that you can use for NAT-ing.
For example:
The ISP gave me a single IP in a block to assign to my WAN interface
IP: 101.202.303.62 MASK: 255.255.255.252 GW: 101.202.303.61
The ISP also gave me the following block of IPs that THEY are routing to my above assigned address.
101.202.303.129 through 101.202.303.142
These addresses I cannot use on my interface. They are simply available for me to use with NAT policies because the ISP is routing them to my actual assigned public address.
To 'use' them, I could create inbound NAT policies with the original destination as one of the IPs in the second block, e.g. 101.202.303.129. I could also create outbound NAT policies with the translated source as one of the IPs in the second block.
That is why support gave you a NAT policy page. Read up on NAT, it is essential to the IPv4 internet.
Hope that helps.
1
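The answer above describes the setup in words: the WAN interface carries only the /30 address, and the second block is "owned" by the firewall purely through NAT policies because the ISP routes it to the WAN address. The following Python model, added here as an illustration and not code from the thread or from SonicWall, walks an ordered NAT table the way a firewall does (first match wins) so the inbound and outbound policies TKWITS describes can be seen operating on constructed packets. The addresses are assumptions: 203.0.113.62/30 on X1 and 203.0.113.128/29 as the routed block (documentation space standing in for the placeholder 101.202.303.x addresses above), and 192.168.1.10 as a hypothetical web server on X0.

```python
"""Toy model of SonicOS-style NAT policies for ISP-routed public addresses.

Constructed example: the ISP assigns 203.0.113.62/30 to the WAN interface (X1)
and routes 203.0.113.128/29 to that address. Nothing from the /29 is configured
on any interface; the firewall claims those addresses only via NAT policies.
All addresses are assumed documentation-range values, not from the original post.
"""
from __future__ import annotations

from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

WAN_IP = ip_address("203.0.113.62")            # X1 interface address (assumed)
ROUTED_BLOCK = ip_network("203.0.113.128/29")  # "Public LAN" block the ISP routes to WAN_IP
LAN = ip_network("192.168.1.0/24")             # X0 (matches the asker's 192.168.1.x/24)


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class NatPolicy:
    name: str
    direction: str                       # "inbound" (arrives on X1) or "outbound" (leaves via X1)
    orig_src: str                        # network in CIDR, a host address, or "any"
    orig_dst: str
    service: Optional[Tuple[str, int]]   # (proto, port), or None for any service
    trans_src: Optional[str]             # None means "Original" (leave unchanged)
    trans_dst: Optional[str]


def _matches(selector: str, addr: str) -> bool:
    """Address selector match; a bare host address is treated as a /32."""
    return selector == "any" or ip_address(addr) in ip_network(selector, strict=False)


def policy_matches(p: NatPolicy, pkt: Packet, direction: str) -> bool:
    if p.direction != direction:
        return False
    if not (_matches(p.orig_src, pkt.src) and _matches(p.orig_dst, pkt.dst)):
        return False
    return p.service is None or p.service == (pkt.proto, pkt.dport)


def apply_nat(policies: list[NatPolicy], pkt: Packet, direction: str):
    """First-match evaluation over an ordered NAT table.

    Returns (translated_packet, policy_name); policy_name is None when nothing
    matched, which for an inbound packet to a routed-block address means the
    firewall has no reason to deliver it anywhere.
    """
    for p in policies:
        if policy_matches(p, pkt, direction):
            translated = replace(pkt, src=p.trans_src or pkt.src, dst=p.trans_dst or pkt.dst)
            return translated, p.name
    return pkt, None


def unclaimed_public_ips(policies: list[NatPolicy]) -> list[str]:
    """Routed-block hosts not yet used as an inbound original destination."""
    claimed = {p.orig_dst for p in policies if p.direction == "inbound"}
    return [str(h) for h in ROUTED_BLOCK.hosts() if str(h) not in claimed]


# The two policies the answer describes, plus the usual default outbound rule.
POLICIES = [
    # Inbound: packets the ISP routes to us for .129, tcp/443 only, go to the web server.
    NatPolicy("web-in", "inbound", "any", "203.0.113.129", ("tcp", 443), None, "192.168.1.10"),
    # Outbound: the web server's own traffic leaves as .129 (1:1 pairing with web-in).
    # Must sit ABOVE the catch-all below, or the catch-all wins first.
    NatPolicy("web-out", "outbound", "192.168.1.10", "any", None, "203.0.113.129", None),
    # Default many-to-one: everything else on X0 leaves as the X1 interface address.
    NatPolicy("lan-out", "outbound", str(LAN), "any", None, str(WAN_IP), None),
]


if __name__ == "__main__":
    inbound = Packet("198.51.100.7", "203.0.113.129", "tcp", 443)
    print(apply_nat(POLICIES, inbound, "inbound"))
    print(apply_nat(POLICIES, Packet("192.168.1.10", "198.51.100.7", "tcp", 80), "outbound"))
    print("still available:", unclaimed_public_ips(POLICIES))
```

Two things worth noticing when running it: an inbound packet to .129 on a port with no policy is returned untranslated with no policy name, which is the "no traffic routes" symptom the asker saw, and reversing the order of `web-out` and `lan-out` makes the web server leave as the interface address instead of .129, so the specific 1:1 policy has to be listed above the catch-all.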
Answers
TKWITS,
Thank you so much for translating the gibberish the ISP gave me. That makes a lot more sense. So, in short, if I have a "server/service" behind the firewall and it needs a public IP, then I put the NAT policy into play routing the "public LAN" IP to the server service (80, 3389, etc.). I appreciate pe