Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Public IP passthrough on dedicated interface

Our SonicWall NSA 2700 is connected to a single ISP, with two available static Public-IP's allocated by the ISP. Currently we have the WAN interface configured to the first static IP NAT'd to our private network. Now I want to make the second Public IP available to an independent group, but want to limit their bandwidth to 100 Mbps (up/down), from my Gigabit allocation by the ISP. So effectively I want to connect their router to a dedicated port on the NSA 2700 where they see that second allocated public IP but will only receive no more than 100Mbps bandwidth.

Is this config possible and any suggestions?

Category: Mid Range Firewalls
Reply

Answers

  • MitatOngeMitatOnge All-Knowing Sage ✭✭✭✭

    @DesertSweeper you can do.


    you should assign second interface as second ip and your ISP route ip from their switch to SonicWall second interface. after designation, you can create bw rules for second interface.


    KB: https://www.sonicwall.com/support/knowledge-base/how-can-i-configure-an-interface-as-secondary-wan-port-in-sonicwall/170505889272088/

  • ArkwrightArkwright All-Knowing Sage ✭✭✭✭

    Bandwidth management is done on access rules. You will need to enabled Advanced BWM to this.

    NAT policies are used to map different networks to different public IPs.

  • MustafaAMustafaA SonicWall Employee

    Since the description of the requirement is related to a single ISP connection with multiple usable public IP addresses, the referenced KB article is not applicable.

    What needs to be done is to create a Static ARP entry for the second usable public IP and then a NAT policy is required for the source subnets that will use this public IP. Also you can define Access Rule to apply the BWM for that specific traffic.

  • ArkwrightArkwright All-Knowing Sage ✭✭✭✭
    edited January 9

    The OP has not specified what the "relation" between the two public IPs is. If the additional IP is in the WAN interface subnet, then no static ARP entry will be necessary, simply creating a NAT policy will cause the firewall to respond to ARP for this IP.

  • Greetings all and thank you for your interesting responses. Apologies for late response, crazy project with no sleep. The bandwidth management issue is not critical for me in hindsight. Since I need to give them exactly 100Mbps I could just restrict their outbound interface to 100 not 1000. I am now thinking a simple managed switch between the ISP GPON and the NSA, thus allowing me to provide them a single port to their router, locked to 100Mbps, and their router WAN-side set to the second IP. Will try this and revert

  • MarkDMarkD Cybersecurity Overlord ✭✭✭

    I have provisioned the same using a old HP 1910 , bandwidth management worked flawlessly.

Sign In or Register to comment.