How to Configure a Secondary Public IP block on the DMZ Interface using Routed Mode
05/22/2023
Description
In this scenario, the primary IP block is configured on the X1 (Primary WAN) interface. Let us assume you have obtained a Secondary Block of public IP addresses from your ISP and wish to configure that on another interface, say X2-DMZ. Your requirement is:
- To have hosts connected to that interface configured with the secondary block of public IP addresses
- The hosts to be able to go online without being NAT'ed
- The hosts to be directly accessible from the Internet by the IP addresses configured on them.
Resolution
Resolution for SonicOS 7.X
This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.
Step 1: On the upstream router, have the Secondary IP block routed towards the SonicWall WAN IP Address. Do NOT let the ISP configure a Secondary IP address on the upstream router.
Step 2: Configure an Interface (for example, X2) in the DMZ zone with a static IP assignment (Network | System | Interfaces)
Step 3: Configure an Outbound and Inbound NO-NAT policy.
Outbound policy: Navigate to Policies | Rules and Policies | NAT Rules
Inbound policy: Navigate to Policies | Rules and Policies | NAT Rules
Resolution for SonicOS 6.5
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.
Step 1: On the upstream Router, have the Secondary IP Block routed towards the SonicWall WAN IP Address. Do NOT let the ISP configure a Secondary IP address on the upstream router.
Step 2: Configure an Interface (e.g. X2) in the DMZ Zone with a static IP assignment (Manage | Network | Interfaces)
Step 3: Create an outbound and inbound NO-NAT Policy
Outbound Policy
Navigate to Manage | Rules | NAT policies
Inbound Policy
Navigate to Manage | Rules | NAT policies
Resolution for SonicOS 6.2 and Below
The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer, we suggest upgrading to the latest general release of SonicOS 6.5 firmware.
Step 1: On the upstream Router, have the Secondary IP Block routed towards the SonicWall WAN IP Address. Do NOT let the ISP configure a Secondary IP address on the upstream router.
Step 2: Configure an Interface (e.g. X2) in the DMZ Zone with a static IP assignment (Network | Interfaces)
Step 3: Create an outbound and inbound NO-NAT Policy
Outbound Policy
Navigate to Network | NAT policies
Inbound Policy
Navigate to Network | NAT policies
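The addressing in Steps 1 and 2 is the same on every firmware version, so it can be checked before touching the firewall. The following is an added example, not SonicWall code: the function names are hypothetical and the addresses are constructed from documentation ranges. It validates a routed-mode plan (secondary block separate from the X1 subnet, X2 IP inside the block, DMZ hosts using the X2 IP as gateway) and derives the static route the upstream router needs.

```python
import ipaddress as ipa

RFC1918 = [ipa.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_routed_dmz(wan_subnet, wan_ip, dmz_block, x2_ip, hosts):
    """Return a list of problems with a routed-mode DMZ addressing plan (empty = OK)."""
    wan, dmz = ipa.ip_network(wan_subnet), ipa.ip_network(dmz_block)
    wan_addr, x2 = ipa.ip_address(wan_ip), ipa.ip_address(x2_ip)
    usable = set(dmz.hosts())
    problems = []
    if wan_addr not in wan:
        problems.append(f"X1 IP {wan_addr} is outside the primary block {wan}")
    if dmz.overlaps(wan):
        problems.append(f"{dmz} overlaps {wan}: it cannot be routed to X2 as a separate subnet")
    if any(dmz.overlaps(n) for n in RFC1918):
        problems.append(f"{dmz} is RFC 1918 space: not reachable from the Internet without NAT")
    if x2 not in usable:
        problems.append(f"X2 IP {x2} is not a usable address in {dmz}")
    for name, (ip, gw) in hosts.items():
        addr = ipa.ip_address(ip)
        if addr not in usable or addr == x2:
            problems.append(f"{name}: {addr} is not a free usable address in {dmz}")
        if ipa.ip_address(gw) != x2:
            problems.append(f"{name}: gateway {gw} should be the X2 IP {x2}")
    return problems

def upstream_route(wan_ip, dmz_block):
    """Static route for the upstream router (Step 1): secondary block via the X1 IP."""
    dmz = ipa.ip_network(dmz_block)
    return {"destination": str(dmz.network_address), "mask": str(dmz.netmask), "next_hop": wan_ip}

if __name__ == "__main__":
    # Constructed sample plan; the "mail" host wrongly points at the ISP router.
    hosts = {
        "web": ("203.0.113.10", "203.0.113.9"),
        "mail": ("203.0.113.11", "198.51.100.1"),
    }
    print(upstream_route("198.51.100.2", "203.0.113.8/29"))
    for p in check_routed_dmz("198.51.100.0/29", "198.51.100.2",
                              "203.0.113.8/29", "203.0.113.9", hosts):
        print("PROBLEM:", p)
```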