Article Applies To:

Affected SonicWALL Security Appliance Platforms:
Gen4: PRO series: PRO 3060, PRO 2040, PRO 1260
Gen4: TZ series: TZ 180, TZ 180 W, TZ 170, TZ 170 W, TZ 170 SP, TZ 170 SP Wireless, TZ 150, TZ 150 W, TZ 150 Wireless (RevB)
Gen3: PRO series: PRO 330, PRO 300, PRO 230, PRO 200, PRO 100
SOHO3/TELE3/GX series: SOHOW, SOHO3, TELE3, TELE3 SP, TELE3 TZ, TELE3 TZX, GX 650, GX 250

Firmware/Software Version: Sonic OS Standard
Services: Multiple WAN subnets

Feature/Application: 

When the ISP has allocated two public IP address ranges, special configuration is required to allow the SonicWALL to use the secondary public IP address range for one-to-one NATs. This document describes the two possible configuration methods

Scenario:

ISP provided primary subnet configured on the X1 (WAN) interface: 1.1.1.0/24
Additional block of IP addresses provided by the ISP: 2.2.2.0/24. 
SMTP Server in the LAN to be accessed from outside using 2.2.2.50

 

 Procedure:

Step 1: Create a Static ARP entry for the new network 2.2.2.0 / 24.
Step 2: Create a Static Route
Step 3:
Configuring a smtp server behind sonicWALL with the new WAN subnet.

Step 1

Create a static ARP assignment

1.Login to the SonicWALL's Management page
2.Select Network > ARP
3.Click the ADD button under Static ARP Entries.

IP Address - Specify the IP address to which theSonicWALL should
be assigned on the additional WAN subnet.

Interface - Specify the WAN interface where the
additional subnet resides.

Publish Entry -
Enabling this option causes the SonicWALL to respond to 
ARP queries for the specified IP address with the SonicWALL's MAC address.
This box must be checked 
when creatingadditional subnets. 

Click OK

 Step 2 

Configuring Static Routes

4.Select Network > Routing.
5.Select Add. Create the following new static route: 
         

Destination Network:Enter the Network address of the secondary WAN subnet 
Subnet Mask: Enter the Subnet mask of the secondary WAN subnet 
Gateway:
0.0.0.0 
Interface: Select the WAN interface the secondary subnet resides on 
Metric: 20
 
       
6.Click
OK 

Step 3: Configuring a smtp server behind SonicWALL with the new WAN subnet.

The SMTP server at 192.168.168.100 will be NATed to 2.2.2.50 ip address when going out to the internet. Likewise, the SMTP server can be access from the outside using IP Address 2.2.2.50.

1.Go to Network-->
One-to-One NAT

2.Check the Enable One-to-One NAT  check box and Click
Apply



3.Click on Add , the Add NAT Entry window is displayed 

Private Range Start: 192.168.168.100
Public Range Start:
2.2.2.50
Range Length: 1

4.Click Ok

5.Go to Firewall-->Access Rules 

6.Click on Add,  Add rule window is displayed

Action: Allow
Service :
Send E-Mail (SMTP)
Source  :
WAN  
            Address Range Begin :
*
            Address Range End : Blank
Destination : LAN
            Address Range Begin : 
192.168.168.100
            Address Range End : 192.168.168.100


Secondary subnets can be utilized in both NAT and transparent modes.

NOTE: The SonicWALL will not respond to HTTP/HTTPS management traffic on a published Static ARP IP address.

See Also:

  UTM: Assigning Multiple Public IP (WAN) Subnets and Using Secondary Ranges in One-to-one NAT Configurations on Pro and TZ Appliances