How to Configure Multiple WAN IP Addresses part of the same network of the WAN Interface
08/07/2023
17 People found this article helpful
166,640 Views
Description
In this scenario, your ISP provides you with a range of public IP addresses for using purposes, however, SonicWall firewall only allows you to assign a single public ip address into a WAN Interface. When using multiple public IP addresses with your SonicWall firewall, you have the flexibility to implement Static ARP entries, a powerful feature that optimizes network communication and enhances security. SonicWall provides an efficient and secure way to configure these Static ARP entries, allowing you to achieve seamless connectivity for your various public IP addresses.
Resolution
Schema:
- A user needs to access a service located behind of the firewall through the server named SRV-01.
- The X1 WAN interface of the firewall is configured as of 49.228.132.41.
- Subnet 10.0.0.0/24 is connected to X0. Server SRV-01 will use the WAN IP 49.228.132.46.
- There’s already a NAT Policy and Access Rule correctly configured, but still service is not accessible.
NOTE: Mostly, the Access Rule and NAT Policy when configured, should be enough to provide the access to the internal service.
![Image](https://sonicwall.rightanswers.com/portal/app/portlets/results/onsitehypermedia/090230801851178.png?linkToken=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJzb25pY3dhbGwiLCJleHAiOjE3NTM1ODU1NjAsImlhdCI6MTcyMjA0OTU2MH0.U-QbtTwhxNSohgg-uc31uF9pzK8h47zVLbJi4wNNyos)
NOTE: You might use different Zones in this context, such as DMZ, WLAN, etc.
Step 1.
Create a static ARP entry for the SonicWALL IP/MAC address of the secondary WAN IP. Enable the option “Publish Entry,” and hit Save.
![Image](https://sonicwall.rightanswers.com/portal/app/portlets/results/onsitehypermedia/090230801270489.png?linkToken=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJzb25pY3dhbGwiLCJleHAiOjE3NTM1ODU1NjAsImlhdCI6MTcyMjA0OTU2MH0.U-QbtTwhxNSohgg-uc31uF9pzK8h47zVLbJi4wNNyos)
NOTE: If you are not sure of which MAC Address should be used in the "Add Static Entry", run a Packet Monitor and check the MAC Address in Packet Details.
From here, these steps are only for those who didn’t create neither NAT Policy, nor the Access Rule.
Step 2.
Create the Address Object with the second WAN IP Address:
Name: <string>
Zone Assignment: WAN
Type: Host
IP Address: 49.228.132.46
Step 3.
Add the Access Rule:
From WAN to LAN
Source: Any (or specific IP, range, network)
Destination: second WAN IP Address Object
Service: Any (specific service)
Step 4.
Add NAT Policy:
Original Source: Any
Translated Source: Original
Original Destination: second WAN IP Address Object
Translated Destination: SRV-01 Object (IP 10.0.0.1)
Original Service: Any
Translated Service: Original
Inbound Interface: X1
Outbound Interface: Any
Related Articles
Categories