How can I configure secondary IP address on WAN interface for firewall management purpose?

Description

It is not currently possible to directly assign more than a single IP address to a primary or secondary WAN interface, but the SonicWall appliance is capable of answering on behalf of a 1-2-1 NAT policy set up for a network resource. This would be useful in environments where an ISP has assigned a customer multiple dissimilar public IP subnet blocks, and the customer wishes to use IP addresses from these blocks to either provide access to internal network resources or manage the SonicWall appliance.

This article explains how to configure a Secondary IP address on the WAN interface to manage the SonicWall appliance.


WAN IP (X1 IP)10.103.20.82/24
Secondary WAN IP (X1_IP2)10.103.20.83/24
LAN management IP (X0 IP)192.168.136.168/24

Procedure

  • Create Address Object for the secondary IP.
  • Create NAT Policy.
  • Create Access Rules.

Resolution for SonicOS 7.X

This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.


Creating the new Address Object

  • Navigate to Object | Match Objects | Addresses.
  • Click Add.
  • Create an Address Object as below and click Save button to save settings.

    Image


 Creating the NAT Policy

  • Navigate to Policies | Rules and Policies | NAT Rules.
  • Click on Add.
  • Create an NAT as below and click Add button to save.

    Image


    Image


 Creating the WAN to LAN Access Rule

  • Navigate to Policy | Rules and Policies | Access Rules.
  • Click Add.
  • Create access rules as below and click on Add.

    Image
  • Also Check "Allow management traffic" on the access rule optional settings tab.

    Image

NOTE: Option Allow Management Traffic should be checked in the access rules. This option was introduced from SonicOS 6.2.0 for Gen6 and 5.9.0 for Gen5. So make sure your firmware version on the firewall is newer than them.



Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.


Creating the new Address Object

Login to your SonicWall management page and click Manage tab on top of the page.

  • Navigate to Objects | Address Objects page. On right Side, Click Address objects tab and select View as Custom.
  • Click  Add button under Address Objects, to get Add Address Object  Window. 
  • Create an Address Object as below and click OK button to save settings.
    Image

 Creating the NAT Policy

Login to your SonicWall management page and click Manage tab on top of the page.

  • Navigate to Rules| NAT Policy page. On right Side.
  • Click  Add button to get Add NAT Policy window. 
  • Create an NAT as below and click OK button to save.
    Image

 Creating the WAN to LAN Access Rule

Login to your SonicWall management page and click Manage tab on top of the page.

  • Navigate to Rules |Access Rules. On right side, click Matrix button and choose zone from WAN to LAN.
    Image
  • Click Add and In Add Rule window, create an access rule From WAN To LAN zone as below.

    NOTE: Option Enable Management should be checked in the access rules. This option was introduced from SonicOS 6.2.0 for Gen6 and 5.9.0 for Gen5. So make sure your firmware version on the firewall is newer than them.
    Image

Related Articles

  • SonicOS 8.1.0 FAQ
    Read More
  • SonicWall GEN8 TZs and GEN8 NSas Settings Migration
    Read More
  • Getting started with SonicWall firewalls
    Read More

Categories

Firewalls
NSa Series
Firewall Management
Firewalls
NSv Series
Firewall Management
Firewalls
TZ Series
Firewall Management UI
not finding your answers?
Ask the Community