**2 week project to map a server! and still no go**
ok i’m going insane here . . . once upon a time, i used to help small business technically which included setting up networks for them just to say i have some experience. got a comcast biz gateway device and block of 5 addresses – can port forward/filter with just the gateway but wanted to insert sonicwall firewall (tz270w) for more control and boy having some fun ☹. i’ve tried many ways but still no go. more specifically, i now know you cannot go into bridge mode with comcast so not in bridge. gateway address already assigned on comast and used one routable for the wan side of the firewall. can ping the gateway and the wan address of the firewall but cannot get through to a host with a routable address. did a one-to-one nat mapping to a private address but cannot ping it or access it from the outside. used the wizard which created the nat association and related access rules for the service (in this case rdp to test). i cannot call comcast as they won’t speak to me even if i wanted to pay for some support – they verify the addresses are ‘on the device’ and that is true as i can use the routable addresses but just cannot insert the sonicwall. not sure what is happening – any advice welcome – at a high level.
Answers
Have you created your address object for the LAN Network and set allow rules for it from LAN To WAN yet?
thx for your reply . . . using the public server 'wizard' it should create all the rules (nat association and related access rules for the ports) already . . . normally traffic is allowed from lan to wan without any extra rules and i am able to access the internet from a private address on the host (server) out through sonic and the comcast gateway to the internet.
For what its worth, I have had some pretty good experiences with customer service. If your client has a service contract, you might try them.
1-888-793-2830
Couple other ideas that come to mind...
firewall on host?
WAN to LAN access rule
I'm looking at our set up and it looks like a previous admin had set up some NAT for an email server that we took out a few years ago. I am finding some auto created rules and some custom ones tied to it. I'd just double check to make sure all the rules are in place. Like build out a logic map for it so you can see it's all there. I find that when I am spending any significant amount time troubleshooting, I will periodically overlook some things that should be obvious (that's me though). There are a lot of places for settings in these firewalls!
Anyway, best of luck to you!
Start a packet capture on the Sonicwall with a destination IP of the public IP that you are trying to NAT. Generate some traffic to that public address from the outside. Does anything appear in the capture?
hello all - thanks so much for your input . . . will close this out for now and will rethink things. funny as this is for my own office and as i said above, very familiar with small biz networking so this is fun. i've never had an isp not talk with me so that is the major problem but they only person you can get is a cust service person and they ask 'if your internet is working or not' and that is it. fair enough but their site isn't helpful with the addressing info. i think that most businesses use their equipment exclusively and don't run into this. some say use 'bridge mode' which strips most functionality from their box and just passes the traffic to the next device - that is what i wanted and prefer so the intelligence is on the sonic device for nat, dhcp, access, etc. but then i think they changed their back-end as others have posted you cannot do this as the static addresses need to be 'on their gateway' to route them correctly. anyway, just saying thanks here.