Menu

Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Sign In Register

Access cable modem configuration interface over SonicWall firewall?

mikeblasmikeblas Newbie ✭
in Entry Level Firewalls

I've got a cable modem and a SonicWall firewall.

  • + The cable modem is connected to cable, of course.
  • + The network port on the modem is connected only to the WAN port on the firewall
  • + The LAN port on the firewall is connected to a switch, which fans out to the rest of my network.

My cable modem has an administrative interface on 192.168.100.1. My LAN is numbered 192.168.0.x/255.255.255.0. The SonicWall's LAN port the default gateway for everything on my LAN.

Note that my cable modem is a plain old modem -- a Motorola MB8600, not any kind of router/access port/switch integrated device. The cable modem is in bridged mode. This model runs bridged-only, in fact.

I'd like to add a route to the SonicWall that lets me hit the admin interface on the cable modem. Seems like I also need to set some rules, or maybe even do NAT.

I've tried adding a route definition from "any" to the cable modem's address object, which is declared to be on the WAN port. But that doesn't work. Oddly, with that rule in place, I can not ping 192.168.100.1, but I can't hit it with http/s. Without that rule, I can neither ping nor use http/s to the address -- it times out.

How can I set up my SonicWall to take requests for 192.168.100.1 from the firewalled LAN and route them to the cable modem's address, pass the responses?

Category: Entry Level Firewalls
Reply
Tagged:

Answers

  • BWCBWC Cybersecurity Overlord ✭✭✭

    @mikeblas I'am somewhat in the same situation with a Vodafone Cable connection. Arris Modem is in bridge mode and has the internal IP 192.168.100.1. But I don't need to configure anything special, because the Modem just intercepts the traffic destined to 192.168.100.1 and provides the Web Interface for the Modem.

    It seems that is not the case in your scenario?

    Did you tried to enable Support for Secondary Subnets in the Internal Settings of your Firewall and configure an IP like 192.168.100.10 as secondary? This might do the trick.

    You did not disclosed which Firewall you're using, it differs for Gen6 or Gen7.

    --Michael@BWC

  • mikeblasmikeblas Newbie ✭


    Secondary Subnets in the Internal Settings of your Firewall and configure an IP like 192.168.100.10 as secondary?

    Sorry, I have no idea where this setting is.

    You did not disclosed which Firewall you're using, it differs for Gen6 or Gen7.

    My post is tagged "TZ300" because I am using a SonicWall TZ-300.

    It seems that is not the case in your scenario?

    That is not the case -- otherwise, things would be working and I wouldn't have to ask for help. It does seem like the address should just work as if it was any other external address, responded to by the modem directly instead of The Whole Internet. But the response times out. When a computer is connected directly to the modem , I have no problem getting the status page.

  • BWCBWC Cybersecurity Overlord ✭✭✭

    @mikeblas I wasn't paying attention to the Tags, my bet.

    Follow the steps for Gen6 (SonicOS 6.5) from this KB-article:

    https://www.sonicwall.com/support/knowledge-base/how-can-i-access-the-internal-settings-of-the-firewall/210715101110437/

    The Support for Secondary Subnets can be found in the ARP settings section. After activating this setting you need to go back to your Interface settings for X1 and configure the new subnet on the Advanced Tab.

    You should make sure that your 192.168.0.0/24 gets translated via NAT rule to the configured secondary subnet address when accessing 192.168.100.1, otherwise the return packets can't find their way back.

    Hope this helps, best of luck.

    --Michael@BWC

Sign In or Register to comment.