PCI configuration using both an ISP modem and a Cradlepoint as backup
I would like to know how to configure a TZ400 that uses a Cradlepoint with a DHCP-provided address as backup when our main ISP goes down for PCI transactions. I'm trying to re-engineer the PCI process. Currently, this is what we have in place:
1) We use access rules to connect to the credit card provider, and I think the issue resides with the Destination option of the access rule. The destination points to the address object "X1 IP", which is our main ISP port. X2 is the port that the Cradlepoint uses as a backup. Can I create a group address object that includes both of these single address objects and insert this new group address object into the destination field under the access rule?
Answers
Hi @MIS_SHOPPERWORLD,
Thank you for visiting SonicWall Community.
On SonicWall, you have the main ISP connected to the X1 interface and the Cradlepoint ISP to the X2 interface. The Credit Card (CC) provider resides behind the SonicWall. You already allowed access to the CC provider via the X1 ISP and you now want to allow access for PCI transactions on the Cradlepoint ISP (X2) too. Did I sound right?
If yes, please feel free to create a new NAT policy and access rule for the X2 ISP. Let's not club both X1 and X2 IPs on the same access rule, for the firewall's better performance.
Hope this helps.
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services
Sounds like you want to use a failover configuration. Here's an old link (but still relevant). Let us know if you need more guidance.
http://help.sonicwall.com/help/sw/eng/9410/26/2/3/content/Network_WAN_Failover.032.2.htm
I have to create both a new NAT policy and an access rule? I was going through my pre-existing NAT policies, and my predecessor didn't create a NAT policy for PCI transactions. There is only the access rule in place for PCI transactions. If I create both a NAT policy and an access rule, when X1 fails, will these NAT and access rules fail over to X2?
If yes, please feel free to create a new NAT policy and access rule for the X2 ISP. Let's not club both X1 and X2 IPs on the same access rule, for the firewall's better performance.
If it's inbound traffic that you are talking about, the failover doesn't happen at the SonicWall. The CC provider itself will need to send traffic to the X2 WAN IP. If it's outbound traffic that you are talking about, then we can configure WAN failover in SonicWall, which will auto-trigger X2 to the active state when X1 fails.
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services