Article Applies To:
Affected SonicWALL Security Appliance Platforms:
Gen4: PRO series: PRO 3060, PRO 2040, PRO 1260
Gen4: TZ series: TZ 180, TZ 180 W, TZ 170, TZ 170 W, TZ 170 SP, TZ 170 SP Wireless, TZ 150, TZ 150 W, TZ 150 Wireless (RevB)
Gen3: PRO series: PRO 330, PRO 300, PRO 230, PRO 200, PRO 100
SOHO3/TELE3/GX series: SOHOW, SOHO3, TELE3, TELE3 SP, TELE3 TZ, TELE3 TZX, GX 650, GX 250
Firmware/Software Version: Sonic OS Standard
Services: Multiple WAN subnets
When the ISP has allocated two public IP address ranges, special configuration is required to allow the SonicWALL to use the secondary public IP address range for one-to-one NATs. This document describes the two possible configuration methods
ISP provided primary subnet configured on the X1 (WAN) interface: 220.127.116.11/24.
Additional block of IP addresses provided by the ISP: 18.104.22.168/24.
SMTP Server in the LAN to be accessed from outside using 22.214.171.124
Step 1: Create a Static ARP entry for the new network 126.96.36.199 / 24.
Step 2: Create a Static Route
Step 3: Configuring a smtp server behind sonicWALL with the new WAN subnet.
Create a static ARP assignment
1.Login to the SonicWALL's Management page
2.Select Network > ARP
3.Click the ADD button under Static ARP Entries.
IP Address - Specify the IP address to which theSonicWALL should
be assigned on the additional WAN subnet.
Interface - Specify the WAN interface where theadditional subnet resides.
Publish Entry - Enabling this option causes the SonicWALL to respond to
ARP queries for the specified IP address with the SonicWALL's MAC address.
This box must be checked when creatingadditional subnets.
Configuring Static Routes
4.Select Network > Routing.
5.Select Add. Create the following new static route:
|Destination Network:Enter the Network address of the secondary WAN subnet
Subnet Mask: Enter the Subnet mask of the secondary WAN subnet
Interface: Select the WAN interface the secondary subnet resides on
Step 3: Configuring a smtp server behind SonicWALL with the new WAN subnet.
The SMTP server at 192.168.168.100 will be NATed to 188.8.131.52 ip address when going out to the internet. Likewise, the SMTP server can be access from the outside using IP Address 184.108.40.206.
1.Go to Network-->One-to-One NAT
2.Check the Enable One-to-One NAT check box and Click Apply
3.Click on Add , the Add NAT Entry window is displayed
|Private Range Start: 192.168.168.100
Public Range Start: 220.127.116.11
Range Length: 1
5.Go to Firewall-->Access Rules
6.Click on Add, Add rule window is displayed
Service : Send E-Mail (SMTP)
Source : WAN
Address Range Begin : *
Address Range End : Blank
Destination : LAN
Address Range Begin : 192.168.168.100
Address Range End : 192.168.168.100
Secondary subnets can be utilized in both NAT and transparent modes.
NOTE: The SonicWALL will not respond to HTTP/HTTPS management traffic on a published Static ARP IP address.
UTM: Assigning Multiple Public IP (WAN) Subnets and Using Secondary Ranges in One-to-one NAT Configurations on Pro and TZ Appliances