How can I configure secondary IP address on WAN interface for firewall management purpose?

10/14/2021 199 People found this article helpful 515,372 Views

Description

It is not currently possible to directly assign more than a single IP address to a primary or secondary WAN interface, but the SonicWall appliance is capable of answering on behalf of a 1-2-1 NAT policy set up for a network resource. This would be useful in environments where an ISP has assigned a customer multiple dissimilar public IP subnet blocks, and the customer wishes to use IP addresses from these blocks to either provide access to internal network resources or manage the SonicWall appliance.

This article explains how to configure a Secondary IP address on the WAN interface to manage the SonicWall appliance.

Resolution

WAN IP (X1 IP)	10.103.20.82/24
Secondary WAN IP (X1_IP2)	10.103.20.83/24
LAN management IP (X0 IP)	192.168.136.168/24

Procedure

Create Address Object for the secondary IP.
Create NAT Policy.
Create Access Rules.

Resolution for SonicOS 7.X

This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.

Creating the new Address Object

Navigate to Object | Match Objects | Addresses.
Click Add.
Create an Address Object as below and click Save button to save settings.

Creating the NAT Policy

Navigate to Policies | Rules and Policies | NAT Rules.
Click on Add.
Create an NAT as below and click Add button to save.

Creating the WAN to LAN Access Rule

Navigate to Policy | Rules and Policies | Access Rules.
Click Add.
Create access rules as below and click on Add.

Also Check "Allow management traffic" on the access rule optional settings tab.

NOTE: Option Allow Management Traffic should be checked in the access rules. This option was introduced from SonicOS 6.2.0 for Gen6 and 5.9.0 for Gen5. So make sure your firmware version on the firewall is newer than them.

Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.

Creating the new Address Object

Login to your SonicWall management page and click Manage tab on top of the page.

Navigate to Objects | Address Objects page. On right Side, Click Address objects tab and select View as Custom.
Click Add button under Address Objects, to get Add Address Object Window.
Create an Address Object as below and click OK button to save settings.

Creating the NAT Policy

Login to your SonicWall management page and click Manage tab on top of the page.

Navigate to Rules| NAT Policy page. On right Side.
Click Add button to get Add NAT Policy window.
Create an NAT as below and click OK button to save.

Creating the WAN to LAN Access Rule

Login to your SonicWall management page and click Manage tab on top of the page.

Navigate to Rules |Access Rules. On right side, click Matrix button and choose zone from WAN to LAN.
Click Add and In Add Rule window, create an access rule From WAN To LAN zone as below.
NOTE: Option Enable Management should be checked in the access rules. This option was introduced from SonicOS 6.2.0 for Gen6 and 5.9.0 for Gen5. So make sure your firmware version on the firewall is newer than them.