Article Applies To:

Affected SonicWALL Security Appliance Platforms:
Gen4: PRO series: PRO 3060, PRO 2040, PRO 1260
Gen4: TZ series: TZ 180, TZ 180 W, TZ 170, TZ 170 W, TZ 170 SP, TZ 170 SP Wireless, TZ 150, TZ 150 W, TZ 150 Wireless (RevB)
Gen3: PRO series: PRO 330, PRO 300, PRO 230, PRO 200, PRO 100

Firmware/Software Version: Sonic OS Standard
Services: Multiple WAN subnets


When the ISP has allocated two public IP address ranges, special configuration is required to allow the SonicWALL to use the secondary public IP address range for one-to-one NATs. This document describes the two possible configuration methods


ISP provided primary subnet configured on the X1 (WAN) interface:
Additional block of IP addresses provided by the ISP: 
SMTP Server in the LAN to be accessed from outside using



Step 1: Create a Static ARP entry for the new network / 24.
Step 2: Create a Static Route
Step 3:
Configuring a smtp server behind sonicWALL with the new WAN subnet.

Step 1

Create a static ARP assignment

1.Login to the SonicWALL's Management page
2.Select Network > ARP
3.Click the ADD button under Static ARP Entries.

IP Address - Specify the IP address to which theSonicWALL should
be assigned on the additional WAN subnet.

Interface - Specify the WAN interface where the
additional subnet resides.

Publish Entry -
Enabling this option causes the SonicWALL to respond to 
ARP queries for the specified IP address with the SonicWALL's MAC address.
This box must be checked 
when creatingadditional subnets. 

Click OK

 Step 2 

Configuring Static Routes

4.Select Network > Routing.
5.Select Add. Create the following new static route: 

Destination Network:Enter the Network address of the secondary WAN subnet 
Subnet Mask: Enter the Subnet mask of the secondary WAN subnet 
Interface: Select the WAN interface the secondary subnet resides on 
Metric: 20

Step 3: Configuring a smtp server behind SonicWALL with the new WAN subnet.

The SMTP server at will be NATed to ip address when going out to the internet. Likewise, the SMTP server can be access from the outside using IP Address

1.Go to Network-->
One-to-One NAT

2.Check the Enable One-to-One NAT  check box and Click

3.Click on Add , the Add NAT Entry window is displayed 

Private Range Start:
Public Range Start:
Range Length: 1

4.Click Ok

5.Go to Firewall-->Access Rules 

6.Click on Add,  Add rule window is displayed

Action: Allow
Service :
Send E-Mail (SMTP)
Source  :
            Address Range Begin :
            Address Range End : Blank
Destination : LAN
            Address Range Begin :
            Address Range End :

Secondary subnets can be utilized in both NAT and transparent modes.

NOTE: The SonicWALL will not respond to HTTP/HTTPS management traffic on a published Static ARP IP address.

See Also:

  UTM: Assigning Multiple Public IP (WAN) Subnets and Using Secondary Ranges in One-to-one NAT Configurations on Pro and TZ Appliances