Several IPv4 addresses on single physical WAN interface from same WAN subnet
Hello! Trying to configure this on my NSa 4700 with the latest firmware. My provider assigned this WAN subnet as my WAN: 220.127.116.11/24.
18.104.22.168 - is the provider gateway for my WAN hosts.
22.214.171.124 - IP address of my SonicWall port X1 - default WAN.
192.168.1.1 - X0 Default LAN interface of my SonicWall.
In my LAN there are several servers that must be published: 192.168.1.12, 192.168.1.13, 192.168.1.14.
On my old Juniper firewall I used VIP and MIP to map WAN addresses to LAN addresses.
I need to map them the same way: 126.96.36.199 => 192.168.1.12, 188.8.131.52 => 192.168.1.13 and 184.108.40.206 => 192.168.1.14.
And at this point I wondered that this is a non-trivial problem for SonicWall. I used the "Publish server Wizard" - it's not working: NAT rules are created, access rules are created, and nothing is passing them. Then I tried this guide https://www.sonicwall.com/support/knowledge-base/configuring-multiple-wan-subnets-using-static-arp-with-sonicos-enhanced/170503911164326/ and found that it is not applicable for me; it lost matters on the part "Creating a Static Route" - it looks like there's a mistake there, because the configuration for 7.* and 6.* completely does not correspond: for 7 they asked to create a "Match object" - I have no idea why. I tried to create a route and ARP entry using the guideline for 6.*, and this is not working.
You have to make a firewall ACL WAN -> DMZ/LAN
Service (up to you)
Source any (or not? If you have white list for the service)
Service any/specific (best practice to correspond to ACL.)
This is only assuming that you have X1 configured as 220.127.116.11/24. If you have another setup, let me know.
@artyomtsybulkin you're listed as a partner and probably should know basic stuff like this already. Labeling the reply from @Bbialy as useless isn't a helpful thing to do; I would call it rude, and it might reduce the chance that somebody else is willing to help.
The way @Bbialy described it is IMHO correct, because the SNWL will answer the ARP request on X1 for 18.104.22.168 when asked from 22.214.171.124 with that NAT rule. I did this plenty of times when the ISP really is providing a subnet and the CPE is doing the ARP requests. IMHO in your case the static ARP entries are not needed.
You might start a Packet Monitor on X1 to see what is going on. You could start with just sniffing for ARP requests on X1 or look for specific traffic destined to 126.96.36.199. Also check the Event Log to see if anything is logged in there.
Just make sure that your Access Rule from Zone WAN to Zone LAN (or DMZ, ...) has the official IP as Destination, because it's checked against the original address and not the translated one.