Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".


Several IPv4 addresses on single physical WAN interface from same WAN subnet

Hello! Trying to configure this on my NSa 4700 with latest firmware. My provider assigned this WAN subnet as my WAN: - is provider gateway for my WAN hosts. - IP address of my SonicWall port X1 - default WAN. - X0 Default LAN interface of my SonicWall.

In my LAN several servers that must be published:,,

On my old Juniper firewall I used VIP and MIP to map WAN addresses to LAN addresses.

I need to map it same way: =>, => and =>

And at this point I wondered that this is non-trivial problem for SonicWall. I used "Publish server Wizard" - it's not working, NAT rules created, access rules created, and nothing passing them. Then I tried this guide and found that it not applicable for me, it lost matters on part "Creating a Static Route" - looks like it's mistake there because meaning on configuration for 7.* and 6.* completely not corresponding: for 7 they asked to create "Match object" - have no idea why. I trying to create route and ARP entry using guideline for 6.* and this not working.

Any idea?

Thank you!

Category: Mid Range Firewalls


  • Options
    BbialyBbialy Newbie ✭
    You are doing it very similar.
    You have to make firewall Acl Wan-> DMZ/Alan
    From any
    Service (up to you)

    Than Nat
    Source any (or not? If you have white list for the service)
    Translated original
    Service any/specific (best practice to correspond to ACL.)

    It is only by assuming that you have X1 configured If you have other setup let me know.
  • Options
    Your steps is useless because there's nothing about - how it will listen on X1? Besides I already checked these settings without success.
  • Options
    BWCBWC Cybersecurity Overlord ✭✭✭

    @artyomtsybulkin you're listed as a partner and probably should know basic stuff like this already, labeling the reply from @Bbialy as useless isn't a helpful thing to do, I would call it rude and might reduce the chance that somebody else is willing to help.

    The way @Bbialy described it is IMHO correct, because the SNWL will answer the ARP request on X1 for when asked from with that NAT rule. I did this plenty of times when the ISP really is providing a subnet and the CPE is doing the ARP requests. IMHO in your case the static ARP entries are not needed.

    You might start a Packet Monitor on X1 to see what is going on. You could start with just sniffing for ARP requests on X1 or look for specific traffic destined to Also check with the Event Log if anything is logged in there.

    Just make sure that your Access Rule from Zone WAN to Zone LAN (or DMZ, ...) has the official IP as Destination, because it's checked against the original address and not the translated one.


Sign In or Register to comment.