PCI Configuration using both an ISP modem and a Cradlepoint as backup.

I would like to know how to configure a TZ400 that uses a Cradlepoint with a DHCP-provided address as backup when our main ISP goes down for PCI transactions. I'm trying to re-engineer the PCI process. Currently, this is what we have in place:

1) We use access rules to connect to the credit card provider, and I think the issue resides with the Destination option of the access rule. The destination points to the address object "X1 IP", which is our main ISP port. X2 is the port that the Cradlepoint uses as a backup. Can I create a group address object that includes both of these single address objects and insert this new group address object into the destination field under the access rule?


Answers

  • Hi @MIS_SHOPPERWORLD,

    Thank you for visiting SonicWall Community.

    On SonicWall, you have the main ISP connected to the X1 interface and the Cradlepoint ISP connected to the X2 interface. The Credit Card (CC) provider resides behind the SonicWall. You have already allowed access to the CC provider via the X1 ISP, and you now want to allow access for PCI transactions on the Cradlepoint ISP (X2) too. Did I sound right?

    If yes, please feel free to create a new NAT policy and access rule for the X2 ISP. Let's not club both X1 and X2 IPs on the same access rule, for the firewall's better performance.

    Hope this helps.

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • TKWITS

    Sounds like you want to use a failover configuration. Here's an old link (but still relevant). Let us know if you need more guidance.

    http://help.sonicwall.com/help/sw/eng/9410/26/2/3/content/Network_WAN_Failover.032.2.htm

  • I have to create both a new NAT policy and access rule? I was going through my pre-existing NAT policies, and my predecessor didn't create a NAT policy for PCI transactions. There is only the access rule in place for PCI transactions. When I create both a NAT policy and access rule, when X1 fails, these NAT and access rules will fail over to X2?


    If yes, please feel free to create a new NAT policy and access rule for the X2 ISP. Let's not club both X1 and X2 IPs on the same access rule, for the firewall's better performance.

  • Hi @MIS_ShopperWorld,

    If it's inbound traffic that you are talking about, the failover doesn't happen at the SonicWall. The CC provider itself will need to send traffic to the X2 WAN IP. If it's outbound traffic that you are talking about, then we can configure WAN failover in SonicWall, which will auto-trigger X2 to the active state when X1 fails.

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services
