Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Routed mode as well nat

Dear sir
X1 and x2 are wan interface. Is it possible for x0 to be in routed mode with x2 and nat mode with x1
Category: Mid Range Firewalls
Reply
Tagged:

Answers

  • TKWITSTKWITS All-Knowing Sage ✭✭✭✭

    What are you trying to accomplish with this configuration? While what you are asking is probably technically possible, whether or not it will work is another matter.

  • Hi @EHSAN,

    Thank you for visiting SonicWall Community.

    Yes, you should be able to accomplish this requirement using NAT policy configuration. We have a specific NAT/Route mode configuration available from the WAN interface itself but may not be applicable for your scenario as you are specific looking Route mode for X0 subnet with X2 WAN. Just placed the KB link for your reference about Route Mode in SonicWall.

    For your scenario, we have to manually create NAT policy just for route mode scenario and place it on the top of the default NAT policies.

    The NAT policy should look like,

    Original Source: X0 Subnet

    Translated Source: Original

    Original Destination: Any

    Translated Destination: Original

    Original Service: Any

    Translated Service: Original

    Source Interface: X0

    Destination Interface: X2

    Enable NAT Policy: Enabled

    Comment: (enter a short description)

    This should get X0 to use No NAT when using X2 WAN for Internet access.

    Note: NAT policy depicted above is for Outbound direction.

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • EhsanEhsan Newbie ✭

    Dear Sir,

    I am facing problem.

    TZ370W x6(WAN) and x4(WAN) are connected to two port of core switch and port are in L2.

    PC are in the internal LAN with two different network with separate switch.

    X6 and X4 are wan interface.

    X6 primary bridge L2 bridge with X7.

    X4 primary bridge L2 bridge with X5.

    two internal network are connected to x5 and X7 with respect to their switch.

    I can access the application from both the internal network via core switch connected to router which is going to MPLS network. CORE SWITCH are configure with VLAN1 with two IP each from the X5 and X7 network.


    But I cannot access internet from x7 and x5 LAN network through X1 WAN. But I can access internet from X0 LAN through X1 WAN.


    How can I configure above solution. So that I can access the application from X5 and X7 LAN through core switch connected to router.

    And also I can get internet for X5 and X7 LAN through X1 wan.

    Since X0 is getting internet through X1.

    And X5 and X7 should access each other.


    Sir it is urgent.


    Thanks and best regards.

  • TKWITSTKWITS All-Knowing Sage ✭✭✭✭

    Why are you bridging your WAN interfaces to X5 and X7 to use X5 and X7 as 'internal networks'? X5 and X7 are now considered in the WAN zone, and not LAN (or other internal).

    While your explanation is helpful, it doesn't make much sense. Can you provide a diagram? What 'application' are you referring to?

  • EhsanEhsan Newbie ✭
    Dear sir,
    If we make x4 and x6 as LAN and L2 primary bridge mode to x5 and x7 respctively. Now how to confgure so that LAN x5 and x7 should get internet through x1. Right now x0 is getting internet through x1.

    Thanks and best regards.
  • Hi @EHSAN,

    Please create a route on the SonicWall to force the X5 and X7 subnets to go online via X1 WAN. The route should look alike below,

    Source: X5 and X7 subnets

    Destination: Any

    Service: Any

    Gateway: X1 Default Gateway

    Interface: X1

    Metric: 10

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • EhsanEhsan Newbie ✭

    Dear Sir,

    If we add X5 an X7 subnets(NW) in a object group. And in source we select that object group it will be same as creating two route separately for x5 and x7.


    Thanks and best regards.

  • EhsanEhsan Newbie ✭

    Dear Sir,

    There is also many subnets of 164.39.0.0 /26 terminating from branches to the same core switch.

    If I change the subnet mask to 255.255.0.0 from 255.255.255.192 for X5(169.39.36.165/26) will it ingress all the traffic through x5. and get internet through x1.

  • EhsanEhsan Newbie ✭

    Dear sir,

    We did as you ask above as :-

    Source: X5 subnets

    Destination: Any

    Service: Any

    Gateway: X1 Default Gateway

    Interface: X1

    Metric: 10


    core switch vlan1 = 10.42.4.1

    PC = 10.42.4.91 DG = 10.42.4.1, PC connected to core switch vi access switch.

    We can access application through core switch connected to MPLS. Application is unix and mainframe based.

    But we want to access internet also being in the same network.

    Now x1(WAN) = internet connected

    x4(LAN) = 10.42.4.165 connected to core switch

    X5 bridge to x4 and access switch connected to x5 (disconnect from core switch)

    PC = 10.42.4.91 DG = 10.42.4.1 we can access the application.

    But no internet.

    PC = 10.42.4.91 DG = 10.42.4.165 we can access the internet

    But no application.

    If we make X4(WAN), still we can get internet but no application at all. Look like if NAT is happening than application are not allowed.


    How can we get both internet as well as application.


    Thanks and best regards.

  • SaravananSaravanan Moderator

    Hi @EHSAN,

    We should do packet capture on the SonicWall for Internet traffic to identify the issue with no Internet from X5 and X7 subnets respectively.


    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • EhsanEhsan Newbie ✭
    Dear sir,
    I did not understand your point. sir if i make local pc deafault gateway as the IP of the ingress interface than only we are getting internet. But than we are not able to get app access untill we make default gateway of the pc as vlan ip of the core switch. And when we make pc default gateway as vlan ip of core switch than we cannot access internet. My question is that is it possible to access the internet from local pc with out the ingress ip of the internal lan.
  • TKWITSTKWITS All-Knowing Sage ✭✭✭✭

    Saravanan is trying to have you use the tools available to you to troubleshoot the issue.

    It sounds to me like you have a routing issue. Your core switch does not know where to send traffic to get to the internet, and your firewall does not know where to send traffic to get to the 'application'.

    What is the routing table of your core switch? What is the routing table of your firewall?

    Read up on routing.

  • SaravananSaravanan Moderator

    Hi @EHSAN,

    Yes, @TKWITS is right. We should perform a packet monitor on the SonicWall to identify the reason for no Internet. If you need any assistance on packer capturing/monitoring, please let us know. You can also contact our Support folks for help as per below web-link.


    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • AjishlalAjishlal All-Knowing Sage ✭✭✭✭

    Hi @Ehsan ,

    For understanding your requirement, could you please share with us the network diagram.

    As I understand that, You have L3 core switch and configured the VLANS. Those VLAN connected PC's are not getting the internet?

    Please check the core switch configured with default route or not.

  • TKWITSTKWITS All-Knowing Sage ✭✭✭✭

    @Ehsan Did you get anywhere else with this?

Sign In or Register to comment.