How can I set up a SonicWall firewall behind an ISP modem?

• SonicWall is a firewall with routing capabilities (henceforth referred to as the firewall).
• An ISP modem is a router with some firewall capability.
• One can set up an ISP modem either as a "Router" or in Bridged Mode (Fig. 1). In the former (router) case, the public IP is associated with the modem (Fig. 1a). If the modem is in Bridged Mode, the public IP address can be used on the firewall (Fig. 1b). Setting the ISP modem in Bridged Mode does not interfere with the traffic to the firewall . However a modem set in Router mode will NAT the traffic. In this case, The WAN interface of the firewall will have a private IP address (Fig. 1a. e.g., 192.168.1.2). Therefore to avail any of the services on the firewall, one has to allow them through the ISP Modem. Key scenarios include: VPN and Port Forwarding. This article discusses the setup in Routing mode.

   

  CAUTION: Setting up a private IP on the SonicWall may cause network issues on VPN, VoIP, Port Forwarding while it should be ok for general Internet traffic. You may want to configure your router into bridge mode so you can configure your Public IP on the SonicWall's X1 Interface.

Fig. 1. Installation of a SonicWall firewall behind an ISP modem.

Following example illustrates a scenario in which a firewall is installed behind an ISP modem by connecting to the DMZ port of the latter.

Fig. 2. Setting up a SonicWall firewall behind an ISP modem (router)'s DMZ zone.

Use of Dynamic DNS:

A typical ISP scenario for home Internet involves DHCP IP addresses, which makes it difficult to set up services behind the firewall (Fig. 2), I wanted to set up a web server to be accessed from the Internet. To achieve it, I have created a dynamic DNS,e.g., mysite.dyndns with a public provider that keeps track of my DHCP IP address by continuous monitoring.