Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Two fixed IP addreses routed to two internal https servers?

Hi, I set up two WAN connections on two separate Nsa2700 ports but when I try to connect the second one to a second LAN port in the same subnet it errors. Is this a partitioning thing?

Thanks for any help.

Category: High End Firewalls


  • BWCBWC Cybersecurity Overlord ✭✭✭

    @eugp if I get this right, both WAN ports getting IP addresses in the same subnet, e.g. X1 and X2

    This is not allowed and there is IMHO no way for overlapping subnets on different interfaces.

    If there is more to it just let us know.


  • TKWITSTKWITS Community Legend ✭✭✭✭✭
    edited January 2023

    It sounds more like the poster is trying to 'extend' the LAN to second interface, but ya know, details.

    As BWC said you cannot have two interfaces in the same subnet. Thats not how IPv4 routing works.

    To get around this Sonicwall has a feature called PortShield, which allows you to set a second (or third, fourth, etc.) physical interface to be on the same IP subnet and security context as another. E.g. you would 'PortShield' port X3 to X0 to 'add' it to the LAN subnet and LAN zone.

    You would not need to configure X3 separately as it 'inherits' the IP of X0.

  • eugpeugp Newbie ✭
    edited January 2023

    Ah well,

    My hope was-

    X1=WAN Fixed internet IP "A"

    X0=LAN interface

    Rules for public webserver WAN IP "A" <> LAN

    X11=WAN Fixed internet IP "B"

    X10-LAN interface

    Rules for a second public webserver WAN IP "B" <> LAN

    But as you say, two ports on the same subnet is not allowed. What are all those ports for then? :)

    OK, but wait. Shouldn't I be able to not do X10 LAN but have another set of rules for-

    X11 WAN IP "B" <> second public webserver LAN

    Both pass through X0

  • TKWITSTKWITS Community Legend ✭✭✭✭✭
    edited January 2023

    You can do all kinds of things with them including what I posted about PortShields.

    Im going to kick myself for asking, but why are you trying to do this? What does this accomplish that having a switch on X0 and the servers on said switch doesnt? Or having a different Subnet and Zone on interface X10?!?

    You can do what you are talking about using a combination of features and settings, but again why?

  • ArkwrightArkwright All-Knowing Sage ✭✭✭✭
    edited January 2023

    X11 WAN IP "B" <> second public webserver LAN

    Both pass through X0

    Yes. This is a totally normal thing to do and can be achieved with the relevant access rules and NAT policies. Much less inexplicable than Plan A was :-D

  • eugpeugp Newbie ✭
    edited January 2023

    Since you ask, I was thinking of running Remote Desktops from the existing gateway using MFA-NPS extension which works with Azure and Microsoft Authenticator, then use the second route for the SMA210 SSLVPN users. This only works with OTP over email.

    I'll probably just use the SMA portal for RDP but as I said I prefer the MFA-NPS extension.

    They both have to reach the same subnet.

Sign In or Register to comment.