Dual WAN Dual LAN
emilward
Newbie ✭
I have a client with a TZ670 on a single WAN connection (X1) with 5 public IP's but they want to use one public IP for their LAN internet connection (X0) but use a different public IP for their guest wifi LAN (X2). I'm assuming this would be set up using static routing but I'm doing something wrong. Anyone know how to set this up?
Category: Entry Level Firewalls
Tagged:
0
Answers
@emilward how do the 5 public IPs get assigned to X1? As /28 on X1 or via Routing through an upstream CPE?
Either way, it should be sufficient to create a NAT rule to hide X2 behind on of the additional IPs:
SRC-Orig: X2 subnet
SRC-Translated: Address Object holding one of the 5 IPs, Zone WAN
DST-Orig: Any
DST-Translated: Original
—Michael@BWC
Sorry, I meant they're getting 5 (static) IP's from their ISP. X1 is only using one IP so I suppose I would have to add another interface for another WAN IP; which is fine, if that makes things easier. Right now they have the ISP gateway plugged into an unmanaged switch and 2 ports go out to two different firewalls. One firewall is used for the company LAN and the other firewall is used for the guest wifi. I was hoping to just consolidate them both into one firewall. I was going to simply create two zones (LAN and WiFi) but then they said they wanted to keep each network on a different public IP so they're completely separate. Hence my question.
What is the netmask of your X1 interface and are all of the public IPs are within the same subnet?
Did you tried the suggested NAT rule, it might be enough already. If not it might be necessary to do a static ARP binding for the additional IP on your X1 interface. There is no need to create additional WAN interfaces.
https://www.sonicwall.com/support/knowledge-base/how-to-configure-multiple-wan-ip-addresses-part-of-the-same-network-of-the-wan-interface/230801093303163
—Michael@BWC
No need. Create a specific NAT policy which translates the source IP for network you want to distinguish. See BWC's first post.