Route Secondary IP to another interface in SonicWall 2600

Hi!
I am trying to bridge traffic from my SonicWall to a secondary firewall in a different building and I am not sure how to set up SonicWall to forward all traffic to my second IP to a different interface (X5).
I have two interfaces, X1 and X5, both belonging to the WAN zone. My ISP has provided me multiple IP addresses and I would like to forward all traffic destined for the 2nd IP address to X5. I have created an ARP entry for my 2nd IP address which maps the MAC address of X1. When I access IP2 from outside, I can see in the packet monitor that packets are sent to X1 with IP2 but they are never forwarded to X5 after this. What rules do I need to set up to forward all packets destined for IP2 to X5 (and back)?
When I am debugging this with the packet monitor, I can see external PING packets (or HTTP requests) show up on X1, but they never show up on the X5 interface.
What am I missing in the configuration to make this work?

Category: High End Firewalls

Answers

  • Arkwright All-Knowing Sage ✭✭✭✭

    Are these IPs in the same network?

  • Yes, both IPs belong to the same network and have the same default gateway.

  • MarkD Cybersecurity Overlord ✭✭✭

    How is the X5 interface connected?

    Is it to both the upstream ISP router and the remote firewall with a common switch?

    Or is this second IP range allocated to your X1 where your physical X1 is say for example 1.1.1.2 with a GW of 1.1.1.1 and a second range of 2.2.2.0/28 ?

  • X1 is connected to the upstream ISP and 1.1.1.2/29 is allocated to X1. This IP is used for all devices that are NATed by the SonicWall. X5 is connected to the second firewall (bridged via 2 switches and a fiber connection, running on its own VLAN, logically separated from the internal network that belongs to the 1.1.1.2/29 uplink. This connection has been verified by connecting 2 computers in each end to make sure that traffic flows correctly over the bridge).
    What I am trying to do is to configure a bridge between X1 and X5 so that any packet sent from the ISP, destined for 1.1.1.3/29, is automatically forwarded to X5 (and subsequently handled by the 2nd firewall).
    Using the packet monitor, I can verify that packets with dest address 1.1.1.3 show up on X1 and they are not dropped. But they are not forwarded to X5, as I do not see the same packet on X5.
    X5 does not have a valid IP address, just a fake one, but perhaps I should set up a static route for packets destined for 1.1.1.3 → IP of X5? The NAT rule that I created does not translate any addresses, I just configured X1 as incoming and X5 as outgoing interface for the rule.

  • MarkD Cybersecurity Overlord ✭✭✭

    So if this isn't a second IP range associated with your primary, I would suggest looking at

    How can I configure a PortShield interface (LAN,DMZ,etc.) working in transparent mode? | SonicWall

  • preston All-Knowing Sage ✭✭✭✭

    Hi @stefan_burstrom, I believe this is what you are trying to do:

    https://www.sonicwall.com/support/knowledge-base/configuring-interfaces-in-transparent-ip-mode-splice-l3-subnet/190315113832572
