Additional /28 Subnet for WAN Zone
Hi Everyone,
Our ISP has provided us with a static IP, e.g. 1.1.1.1/24, which is assigned to the WAN port. In addition to that, they have also provided an additional subnet, 2.2.2.2/28, which is routed to our main 1.1.1.1.
In our previous setup we were using a Billion Router and we could easily create WAN IP Aliases and One-to-One NATs and could assign each public IP to a unique internal server.
We are having trouble trying to set this up in SonicWall. We tried what was suggested in one of the knowledge base articles https://www.sonicwall.com/support/knowledge-base/how-can-i-configure-secondary-ip-address-on-wan-interface-for-firewall-management-purpose/170504637235916/#:~:text=It%20is%20not%20currently%20possible,up%20for%20a%20network%20resource. but it did not work:
- Creating individual Host WAN IP Objects assigned to the WAN Zone, e.g. 2.2.2.2, 2.2.2.3, 2.2.2.4, etc.
- Creating individual Host LAN IP Objects assigned to the LAN Zone, e.g. 10.10.100.2, 10.10.100.3, etc.
- Create an Access Rule, e.g. for 2.2.2.3 to 10.10.100.3
- Create a NAT for 2.2.2.3 to 10.10.100.3
Are we doing something wrong here, and can anyone who has set up something similar please provide some assistance?
Thank you in advance.
Best Answer
shiprasahu93 Moderator
Hello @Flare,
Welcome to the SonicWall community.
You have configured the port forwarding correctly, but since the secondary WAN subnet is associated with the primary WAN interface which is from the same ISP, please use the following KB to configure it.
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services
Answers
Hi Shipra,
Thank you for your reply.
In the article it states "The SonicWall will not respond to ICMP/SNMP/HTTP/HTTPS management traffic on a published Static ARP IP address." and we have multiple web servers. Does that mean I will not be able to use these services on any of the additional IPs that we have?
@Flare,
The services used in the port forwarding to the internal servers will work. This is with respect to the management traffic.
Additionally, you can forward ICMP traffic, etc., as well to the internal server. But SonicWall itself will not respond to this traffic.
If you have a web server and have port forwarding done for HTTP/HTTPS, SonicWall will forward this traffic to the internal server and in turn, send the response from the server to the client. But, SonicWall itself will not be responding to this traffic. This basically means that these additional IP addresses cannot be used for firewall management.
This should not affect what you are trying to set up. I hope that clarifies it.
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services
Hi Shipra,
Perfect! Thank you very much. Got it working now.
This question has been asked and answered many times, see: https://community.sonicwall.com/technology-and-support/discussion/comment/6798
Also: https://www.sonicwall.com/support/knowledge-base/how-can-i-enable-port-forwarding-and-allow-access-to-a-server-through-the-sonicwall/170503477349850/
Glad it all worked out! Have a good one 😀
Shipra Sahu
Technical Support Advisor, Premier Services