When setting up the Splice L3 Subnet none of my LAN address objects show up under Transport Range, only my WAN ones. Even when I add a new one it will not be there in the dropdown.
Instructions say I need to use a LAN or internal IP, am I reading this wrong?
"From the Transparent Range drop-down menu, select an address object that contains the range of IP addresses you want to have access through this interface. The address range must be within an internal zone, such as LAN, DMZ, or another trusted or public zone matching the zone used for the internal transparent interface."
Why would I need a managed switch? My plan would be going directly from the L3 splice port on the SonicWALL to the virtual switch on the server assigned to the web server. Am I missing something?
Answers
Hi @johnnyz, you need to create an address object for the WAN IP in the LAN/DMZ zone for the Transparent Interface with the public IP to use. This is then set on your server's network card as its IP, with the rest of the WAN details, i.e. the subnet mask and the gateway IP (the same as your current WAN uses). See here: https://www.youtube.com/watch?v=JJO1rXgHp1g&t=96s
For the virtual switch, as long as you have more than one physical network interface you can plug one of these directly into the SonicWall, but if you only have a single network card for the virtual switch then you would need VLAN tagging, hence needing a switch.
See picture. You can see I have 7 static IPs. I will be working with only 1. 70.167.119.118 is the IP I use for the web server. Currently what comes in on 70.167.119.118 goes to 10.0.0.18.
So should I change the current zone on that address object to DMZ, and then do I pick host or network, as I don’t have a range? And do I have to change it to DMZ? Can I just leave it WAN and then just use that for the new L3?
So it won't let me change to network, I have to leave it host. So again no clear instructions at all. Back to square 1.
Hi johnnyz,
Sorry, SonicWall did use to have a guide on how to set up Transparent mode, apart from the videos explaining it correctly; it seems they have removed it. Below is how you set it up. The server NIC needs to be set to use the public IP, not an internal NATted IP. See below for a guide for your scenario.
1) Create another address object with the public IP address you want to use and put this in the DMZ zone.
2) Set up an interface, X3 for example, and select L3 Transparent mode, select DMZ as the zone and then select the new address object you created.
3) Set the IP address on your server to be the same public IP address you want to use, with the same subnet mask and gateway IP as X1.
4) No NAT needed, just create a firewall rule from WAN-DMZ for the services you want to allow, the destination being the public address you used on the address object and the server's NIC.
5) Plug in the server directly to the X3 interface (if your virtual server has more than one NIC on its virtual switch).
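A pre-change consistency check for steps 1 to 4 above, as an added example that is not part of the original thread or any SonicWall tooling. The plan dictionary layout, its field names and the 203.0.113.0/29 addresses are constructed assumptions, and the "Any service" check is stricter than the steps themselves.

```python
import ipaddress

def check_transparent_plan(plan):
    """Return findings; an empty list means the plan is consistent with steps 1-4."""
    ip = ipaddress.ip_address
    wan = ipaddress.ip_interface(f"{plan['wan_ip']}/{plan['wan_mask']}")
    obj, nic, zone = plan["address_object"], plan["server_nic"], plan["interface_zone"]
    public, gateway = ip(obj["ip"]), ip(plan["wan_gateway"])
    rules = [r for r in plan["access_rules"]
             if (r["from"], r["to"]) == ("WAN", zone) and ip(r["destination"]) == public]
    checks = [
        # Steps 1-2: object in the interface's zone, holding a free address of the WAN subnet.
        (obj["zone"] != zone, "address object zone differs from interface zone"),
        (public not in wan.network, "public IP is outside the WAN subnet"),
        (public in (wan.ip, gateway, wan.network.network_address,
                    wan.network.broadcast_address), "public IP collides with a reserved address"),
        # Step 3: the server NIC carries the public IP with X1's mask and gateway.
        (ip(nic["ip"]) != public, "server NIC does not use the public IP"),
        (nic["mask"] != plan["wan_mask"] or ip(nic["gateway"]) != gateway,
         "server NIC mask or gateway differs from X1"),
        # Step 4: no NAT for this IP, and a WAN-to-zone rule limited to named services.
        (any(ip(n["original_destination"]) == public for n in plan["nat_policies"]),
         "a NAT policy still matches the public IP"),
        (not rules, "no WAN-to-zone access rule for the public IP"),
        (any(r["service"].lower() == "any" for r in rules), "access rule allows Any service"),
    ]
    return [message for failed, message in checks if failed]

# Constructed sample data (RFC 5737 documentation addresses, not the poster's network).
GOOD_PLAN = {
    "wan_ip": "203.0.113.2", "wan_mask": "255.255.255.248", "wan_gateway": "203.0.113.1",
    "interface_zone": "DMZ",
    "address_object": {"ip": "203.0.113.6", "zone": "DMZ"},
    "server_nic": {"ip": "203.0.113.6", "mask": "255.255.255.248", "gateway": "203.0.113.1"},
    "nat_policies": [],
    "access_rules": [{"from": "WAN", "to": "DMZ", "destination": "203.0.113.6", "service": "HTTPS"}],
}
# A NAT-style setup carried over unchanged: object in the WAN zone, private NIC, NAT policy.
NAT_LEFTOVER_PLAN = dict(GOOD_PLAN,
    address_object={"ip": "203.0.113.6", "zone": "WAN"},
    server_nic={"ip": "10.0.0.18", "mask": "255.255.255.0", "gateway": "10.0.0.1"},
    nat_policies=[{"original_destination": "203.0.113.6", "translated": "10.0.0.18"}])

if __name__ == "__main__":
    for name, plan in (("good", GOOD_PLAN), ("nat leftover", NAT_LEFTOVER_PLAN)):
        print(name, check_transparent_plan(plan) or "consistent")
```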
Thank you for the nice detailed info. I did all you said and I could not see or talk to the web server, so I don't know. And yes, the server has 4 LAN ports and the web server is on its own port, so that part is all set and not the issue. Other than that I did 1-4 and checked all several times but no communication to the web server, so I just set it back to the way it was for now.
Address Object:
Firewall access rule:
Network X6 Transparent L3:
Webserver network ip:
And I just wanted to show this, as on the X6 port it's showing 70.167.119.115, the IP from the WAN port, so not sure if that is an issue when X6 is supposed to be 70.167.119.118? But I can't change the WAN port. I have 8 IPs and I need and want that to stay on 115.
And yes, X6 is off at this point, I know that.
WELL ANYWAYS, SONICWALL CAME OUT WITH A NEW FIRMWARE AND IT FIXED THE ISSUES I HAVE BEEN HAVING SINCE JUNE - THE LAST FIRMWARE - So all is good now. This was a hard one to figure out. 8 months on a lot of forums. I thought it was the web server, then Let’s Encrypt, then my service provider and then SonicWall. So, turns out after all this it was SonicWALL.