UTM : Configuring Multiple WAN Subnets Using Static ARP with SonicOS Standard (SW7622)

Return
  • Title

    UTM : Configuring Multiple WAN Subnets Using Static ARP with SonicOS Standard
  • Resolution

    Article Applies To:

    Affected SonicWALL Security Appliance Platforms:
    Gen4: PRO series: PRO 3060, PRO 2040, PRO 1260
    Gen4: TZ series: TZ 180, TZ 180 W, TZ 170, TZ 170 W, TZ 170 SP, TZ 170 SP Wireless, TZ 150, TZ 150 W, TZ 150 Wireless (RevB)
    Gen3: PRO series: PRO 330, PRO 300, PRO 230, PRO 200, PRO 100
    SOHO3/TELE3/GX series: SOHOW, SOHO3, TELE3, TELE3 SP, TELE3 TZ, TELE3 TZX, GX 650, GX 250

    Firmware/Software Version: Sonic OS Standard
    Services: Multiple WAN subnets

    Feature/Application: 

    When the ISP has allocated two public IP address ranges, special configuration is required to allow the SonicWALL to use the secondary public IP address range for one-to-one NATs. This document describes the two possible configuration methods

    Scenario:

    ISP provided primary subnet configured on the X1 (WAN) interface: 1.1.1.0/24
    Additional block of IP addresses provided by the ISP: 2.2.2.0/24. 
    SMTP Server in the LAN to be accessed from outside using 2.2.2.50

     

     Procedure:

    Step 1: Create a Static ARP entry for the new network 2.2.2.0 / 24.
    Step 2: Create a Static Route
    Step 3:
    Configuring a smtp server behind sonicWALL with the new WAN subnet.

    Step 1

    Create a static ARP assignment

    1.Login to the SonicWALL's Management page
    2.Select Network > ARP
    3.Click the ADD button under Static ARP Entries.

    IP Address - Specify the IP address to which theSonicWALL should
    be assigned on the additional WAN subnet.

    Interface - Specify the WAN interface where the
    additional subnet resides.

    Publish Entry -
    Enabling this option causes the SonicWALL to respond to 
    ARP queries for the specified IP address with the SonicWALL's MAC address.
    This box must be checked 
    when creatingadditional subnets. 

    Click OK

     Step 2 

    Configuring Static Routes

    4.Select Network > Routing.
    5.Select Add. Create the following new static route: 
             

    Destination Network:Enter the Network address of the secondary WAN subnet 
    Subnet Mask: Enter the Subnet mask of the secondary WAN subnet 
    Gateway:
    0.0.0.0 
    Interface: Select the WAN interface the secondary subnet resides on 
    Metric: 20
     
           
    6.Click
    OK 

    Step 3: Configuring a smtp server behind SonicWALL with the new WAN subnet.

    The SMTP server at 192.168.168.100 will be NATed to 2.2.2.50 ip address when going out to the internet. Likewise, the SMTP server can be access from the outside using IP Address 2.2.2.50.

    1.Go to Network-->
    One-to-One NAT

    2.Check the Enable One-to-One NAT  check box and Click
    Apply



    3.Click on Add , the Add NAT Entry window is displayed 

    Private Range Start: 192.168.168.100
    Public Range Start:
    2.2.2.50
    Range Length: 1

    4.Click Ok

    5.Go to Firewall-->Access Rules 

    6.Click on Add,  Add rule window is displayed

    Action: Allow
    Service :
    Send E-Mail (SMTP)
    Source  :
    WAN  
                Address Range Begin :
    *
                Address Range End : Blank
    Destination : LAN
                Address Range Begin : 
    192.168.168.100
                Address Range End : 192.168.168.100


    Secondary subnets can be utilized in both NAT and transparent modes.

    NOTE: The SonicWALL will not respond to HTTP/HTTPS management traffic on a published Static ARP IP address.

    See Also:

      UTM: Assigning Multiple Public IP (WAN) Subnets and Using Secondary Ranges in One-to-one NAT Configurations on Pro and TZ Appliances

  • Key Words

    7622


Feedback submitted.

Did this article help?

[Select Rating]

Thank you for your rating!

Close

Request or Create a KB Article »

Product(s):
SonicWALL PRO Series
3060, 2040, 1260

Topic(s):
Technical Solutions

Article History:
Created on: 1/12/2010
Last Update on: 5/13/2014