Routing Query
We currently have a Sonicwall on an internal network at a site and until a recent change by the Internet Provider to their filtering service everything was working fine.
The setup had the internal network on 10.204.81.* and the WAN Interface of the Sonic on a static address of 10.204.80.2 with the Gateway router on 10.204.80.1. The new filtering service needs to see the internal LAN IP Addresses of the devices to authenticate and at the moment all the system is seeing is the NAT Address from the WAN of the Sonicwall on 10.204.80.2 and is rejecting them as they're not recognised.
I'm by no means a network specialist but know enough to at least get close, but this one has me stumped. I've read that a Layer 3 switch could do this, but then I know the Sonics can do some Layer 3 routing, so if the two networks were set up as VLANs on the Sonic, could I then pass the Internal LAN IP Addresses to the host Router so that the filtering service sees what it needs to see to work?
Setup at the moment is below:
ISP Router 10.204.80.1 - Sonicwall WAN 10.204.80.2 - Sonicwall LAN Interface 10.204.81.1 - Internal Network 10.204.81.*
Any pointers would be welcome.
Answers
Hi,
I assume your device already has the default routes and Access Control rules set up correctly because it worked before the ISP changes were done. Now you only have to prevent the firewall doing NAT from the given interface to the WAN interface.
See my NAT rule #10 for traffic coming in on the X0 interface (LAN) and destined to flow out on X1 (WAN). In this case I need to change the rule's Source Translated field to 'Original' from X1 IP to prevent source address change (OR simply disable this rule and let this traffic match rule #12, which is the lowest priority (40) NAT rule).
This way the ISP will see the internal addresses in the forwarded packets' source field.
Regards,
István
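A simplified first-match model of the NAT policy change described in the answer above, as an added example that is not part of the original posts and is not SonicOS code. The contents of rule #12, the priority value of rule #10 and all Python names are assumptions; the addresses are the ones given in the thread.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ORIGINAL = "Original"  # translated-source value meaning "leave the source unchanged"

@dataclass
class NatRule:
    number: int             # rule number as shown in the policy table
    priority: int           # smaller number is evaluated first (40 = lowest priority here)
    inbound: str            # ingress interface, "Any" matches all
    outbound: str           # egress interface, "Any" matches all
    source: str             # original source network in CIDR form
    translated_source: str  # ORIGINAL, or the address the source is rewritten to
    enabled: bool = True

    def matches(self, src, inbound, outbound):
        return (self.enabled
                and self.inbound in ("Any", inbound)
                and self.outbound in ("Any", outbound)
                and ip_address(src) in ip_network(self.source))

def source_seen_upstream(rules, src, inbound="X0", outbound="X1"):
    """Return (matching rule number, source address the ISP router would see)."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.matches(src, inbound, outbound):
            if rule.translated_source == ORIGINAL:
                return rule.number, src
            return rule.number, rule.translated_source
    return None, src  # no policy matched: packet leaves untranslated

def build_rules(rule10_translated="10.204.80.2", rule10_enabled=True):
    # Constructed policy table: rule #10's priority (10) and rule #12's
    # "Any -> Any, Original" content are assumptions for illustration.
    return [
        NatRule(10, 10, "X0", "X1", "0.0.0.0/0", rule10_translated, rule10_enabled),
        NatRule(12, 40, "Any", "Any", "0.0.0.0/0", ORIGINAL),
    ]

LAPTOP = "10.204.81.20"  # example LAN host mentioned in the thread

if __name__ == "__main__":
    # Rule #10 translating to the X1 IP: upstream sees the WAN address.
    print(source_seen_upstream(build_rules(), LAPTOP))
    # Rule #10 set to 'Original': upstream sees the laptop's own address.
    print(source_seen_upstream(build_rules(rule10_translated=ORIGINAL), LAPTOP))
    # Rule #10 disabled: traffic falls through to rule #12, source unchanged.
    print(source_seen_upstream(build_rules(rule10_enabled=False), LAPTOP))
```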
L2 bridge mode or transparent mode are also possibilities, but would probably require new IP addressing for the internal network.
For what @Istvan was saying, search for "Configuring Routed Mode".
Thanks for the NAT rule information. Already had that rule set up on the test Sonic here at the office. As we also have a Sonicwall in the office as our office firewall, I was able to look at the logs on that to see what it was receiving. With that NAT rule in place and pinging the office network gateway, I am still seeing the Static WAN Interface IP of the Sonicwall in the middle as the source and not the IP Address of the Laptop on the LAN behind it.
What we want to see is, say, a laptop on, for example, 10.204.81.20 hitting the gateway when it's behind the Sonicwall in the middle. I was wondering if setting the two networks up as VLANs on the middle Sonic might be a starting point? So that the 10.204.81.* and 10.204.80.* are both VLANs and not trying to go LAN to WAN.
Of course the WAN IP being seen on the Gateway might be expected behavior, I don't know.
Thanks