TZ400 new ISP with WAN IP and Public LAN IPs

My new ISP has handed me 2 sets of public IP addresses and said...configure your firewall. When I add the WAN IP to the WAN interface, internet traffic routes fine. There is a set of Public LAN IPs (routable) and they are supposed to be on the TZ400 as well as the "usable" public IPs. However, if I put them on the WAN interface, no traffic routes.


Does anyone know how to configure the TZ400 to support both sets of IPs? Maybe it's a sub interface? I'm out of my depths here and support sent me a link to a NAT policy page but that's not exactly what I need.

Any assistance is greatly appreciated. Here's an example of what they gave me (ISP) and what I have (example).


X0=LAN= 192.168.1.x/24 subnet

X1 = WAN ip from ISP = 1.1.1.1/30

Public LAN IPs from ISP = 2.2.2.2/29 - not sure how to use these or which interface to put them on and do I need to use a switch from the ISP handoff to go to multiple ports on the sonicwall?

Category: Mid Range Firewalls

Best Answer

  • TKWITS Cybersecurity Overlord ✭✭✭

    ISPs giving out described 'Public LAN' IPs are just causing people confusion. What your ISP is giving you are extra publicly routable WAN IPs that you can use for NAT-ing.

    For example:

    The ISP gave me a single IP in a block to assign to my WAN interface

    IP: 101.202.303.62 MASK: 255.255.255.252 GW: 101.202.303.61

    The ISP also gave me the following block of IPs that THEY are routing to my above assigned address.

    101.202.303.129 through 101.202.303.142

    These addresses I cannot use on my interface. They are simply available for me to use with NAT policies because the ISP is routing them to my actual assigned public address.

    To 'use' them, I could create inbound NAT policies with the original destination as one of the IPs in the second block e.g. 101.202.303.129. I could also create outbound NAT policies with the translated source as one of the IPs in the second block.

    That is why support gave you a NAT policy page. Read up on NAT, it is essential to the IPv4 internet.

    Hope that helps.
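
An added illustration of the distinction drawn in the answer above (not part of the original reply, and not SonicOS configuration): a small Python model of a WAN /30 plus a routed block that is reachable only through NAT policies. The addresses are constructed documentation ranges standing in for the ISP's values, and every function name is hypothetical.

```python
import ipaddress

# Constructed documentation addresses (RFC 5737) standing in for the ISP's values.
WAN_IF = ipaddress.ip_interface("203.0.113.62/30")   # address on X1, gateway is .61
ROUTED = set(ipaddress.ip_network("198.51.100.128/28").hosts())  # .129 through .142
LAN = ipaddress.ip_network("192.168.1.0/24")         # X0

def classify(addr):
    """Say how a public address relates to the firewall."""
    ip = ipaddress.ip_address(addr)
    if ip == WAN_IF.ip:
        return "wan-interface"
    if ip in WAN_IF.network:
        return "on-link"      # rest of the /30 (gateway etc.), not ours to use
    if ip in ROUTED:
        return "nat-only"     # ISP routes it to the WAN IP; never bound to X1
    return "not-ours"

def inbound_policy(original_dst, port, server):
    """Inbound NAT: original destination (public) -> translated destination (LAN)."""
    if classify(original_dst) not in ("nat-only", "wan-interface"):
        raise ValueError(f"{original_dst} is not delivered to this firewall")
    if ipaddress.ip_address(server) not in LAN:
        raise ValueError(f"{server} is not on the LAN")
    return {"orig_dst": original_dst, "port": port, "xlat_dst": server}

def outbound_policy(lan_host, translated_src):
    """Outbound NAT: LAN source -> translated source taken from the routed block."""
    if classify(translated_src) != "nat-only":
        raise ValueError(f"{translated_src} is not in the routed block")
    return {"orig_src": lan_host, "xlat_src": translated_src}

def deliver(policies, dst, port):
    """Where an inbound packet ends up; None means no policy matched (not forwarded)."""
    for p in policies:
        if (p["orig_dst"], p["port"]) == (dst, port):
            return p["xlat_dst"]
    return None

def source_seen_by_internet(policies, lan_host):
    """Source address after outbound NAT; hosts without a policy leave as the WAN IP."""
    for p in policies:
        if p["orig_src"] == lan_host:
            return p["xlat_src"]
    return str(WAN_IF.ip)

# Constructed sample policies: publish port 80 of one LAN server on a routed address.
INBOUND = [inbound_policy("198.51.100.129", 80, "192.168.1.10")]
OUTBOUND = [outbound_policy("192.168.1.10", "198.51.100.129")]
```

In this model only the published address and port pair is forwarded; every other port on the routed addresses matches no policy and goes nowhere.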

Answers

  • ucsaw Newbie ✭

    TKWITS,


    Thank you so much for translating the gibberish the ISP gave me. That makes a lot more sense. So, in short, if I have a "server/service" behind the firewall and it needs a public IP, then I put the NAT policy into play routing the "public LAN" IP to the server service (80, 3389, etc.). I appreciate pe
