Set up multiple LAN networks with a single public IP address
Let me preface this post by saying I have very little experience with the firewall. We have a TZ400 with a single Public IP. The X0 LAN has internet access. I need a second LAN with a different IP scheme to have internet and NOT interfere with the existing LAN since it will be a DHCP network also.
I have been unable to find an example of what I need so here I am.
Any help is very appreciated!
Best Answer
Ajishlal Community Legend ✭✭✭✭✭
Hi,
The following steps will guide you in creating a custom network zone on a SonicWall UTM appliance:
Step 1 - Navigate to Networks --> Zone --> Add
Step 2 - Select the security type for the zone appropriately.
Enter your custom Zone Name (Example: LAN-2) --> Security Type: Trusted
Step 3 - Apply security services on the custom zones (Example: Enable GAV, IPS, Anti-Spyware etc.), as per the security subscription applied on the UTM.
Step 4 - Apply the custom zone on an interface:
Navigate to Network --> Interface --> Edit Icon (assume Interface X3):
Choose the Zone as LAN-2
Mode / IP Assignment: Static
IP Address: enter your preferred network & subnet mask.
If required, enable the management features such as HTTPS, PING
Apply the above changes
5 Answers
Hi @Dusk, you can simply set up a second LAN (through VLAN or another interface). We have predefined NAT rules and zone trust so you won't have to do anything else besides create DHCP scopes etc. They will both use the same public IP when traffic leaves your network.
Hello @Dusk,
Welcome to SonicWall community.
If you need a secondary LAN, you can just configure a free interface on the SonicWall with a separate IP scheme and enable DHCP on that interface. The access rules between LAN to LAN can be set so that this new network cannot interfere with the existing X0 subnet.
By default, SonicWall adds the access rule and NAT policy for it to be able to access the internet using the public IP on WAN.
Please take a look at the KB below that explains setting up separate internal networks for printers and servers.
You can also choose to use a VLAN sub-interface under X0 itself, but in that case the switch connected to X0 should be a managed switch with VLAN capabilities and you would need to set up a separate VLAN with the port connecting to the firewall in trunk mode.
If you are using a free interface, please use a separate switch so that the L2 traffic is segregated.
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services
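A pre-check for the addressing plan discussed in the answers above, as an added example that is not part of any poster's reply or of SonicWall's own tooling: it verifies that the new LAN's subnet does not overlap the existing one and that every interface has a DHCP scope inside its own subnet. The interface names, addresses and the `check_lan_plan` helper are constructed for illustration.

```python
import ipaddress

# Constructed sample plan: existing LAN on X0, new LAN-2 zone on X3.
SAMPLE_PLAN = {
    "X0": {"ip": "192.168.1.1/24", "dhcp": ("192.168.1.100", "192.168.1.200")},
    "X3": {"ip": "192.168.20.1/24", "dhcp": ("192.168.20.100", "192.168.20.200")},
}

def check_lan_plan(interfaces):
    """Return a list of problems found in a multi-LAN addressing plan.

    interfaces maps an interface name to {"ip": "addr/prefix", "dhcp": (start, end)}.
    "dhcp" may be None or absent when no scope has been created yet.
    """
    problems = []
    nets = {}
    for name, cfg in interfaces.items():
        iface = ipaddress.ip_interface(cfg["ip"])
        net = iface.network
        nets[name] = net
        # The firewall interface needs a usable host address in its subnet.
        if iface.ip in (net.network_address, net.broadcast_address):
            problems.append(f"{name}: {iface.ip} is the network or broadcast address")
        dhcp = cfg.get("dhcp")
        if dhcp is None:
            problems.append(f"{name}: no DHCP scope, clients will not get an address")
            continue
        start, end = (ipaddress.ip_address(a) for a in dhcp)
        if start > end:
            problems.append(f"{name}: DHCP scope start is after its end")
        elif start not in net or end not in net:
            problems.append(f"{name}: DHCP scope {start}-{end} is outside {net}")
        elif start <= iface.ip <= end:
            problems.append(f"{name}: DHCP scope includes the interface IP {iface.ip}")
    # Two LANs behind the same firewall must not share address space.
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} and {b}: subnets {nets[a]} and {nets[b]} overlap")
    return problems

if __name__ == "__main__":
    for line in check_lan_plan(SAMPLE_PLAN) or ["plan looks consistent"]:
        print(line)
```
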
Thank you everyone for your answers. Technically all of them are correct, but I marked @Ajishlal as correct because I really needed the step by step instructions due to my inexperience. It helped greatly!
Hello.
Please, can you help me?
I followed this, but it doesn't work. The X1 LAN has internet access, but X2 doesn't have internet access.
I might be insulting your intelligence here, but "No link"? Never going to work so long as there is no link!
Of course, but I need a clue to solve it...
What device(s) do you have plugged into that X2 port on the firewall?
PCs
I'm going to assume those PCs are supposed to get their IP address via DHCP.
If so, how have you configured the DHCP for those PCs?
That step is not included in the agreed upon answer above.
Thanks Larry, I was able to figure it out.