How to Configure Multiple WAN IP Addresses part of the same network of the WAN Interface

Description

In this scenario, your ISP provides you with a range of public IP addresses for using purposes, however, SonicWall firewall only allows you to assign a single public ip address into a WAN Interface. When using multiple public IP addresses with your SonicWall firewall, you have the flexibility to implement Static ARP entries, a powerful feature that optimizes network communication and enhances security. SonicWall provides an efficient and secure way to configure these Static ARP entries, allowing you to achieve seamless connectivity for your various public IP addresses. 

Resolution

Schema:

  • A user needs to access a service located behind of the firewall through the server named SRV-01.
  • The X1 WAN interface of the firewall is configured as of 49.228.132.41.
  • Subnet 10.0.0.0/24 is connected to X0. Server SRV-01 will use the WAN IP 49.228.132.46.
  • There’s already a NAT Policy and Access Rule correctly configured, but still service is not accessible.


NOTE: Mostly, the Access Rule and NAT Policy when configured, should be enough to provide the access to the internal service.


Image


NOTE: You might use different Zones in this context, such as DMZ, WLAN, etc. 


Step 1.

Create a static ARP entry for the SonicWALL IP/MAC address of the secondary WAN IP. Enable the option “Publish Entry,” and hit Save.

Image


NOTE: If you are not sure of which MAC Address should be used in the "Add Static Entry", run a Packet Monitor and check the MAC Address in Packet Details.  


From here, these steps are only for those who didn’t create neither NAT Policy, nor the Access Rule.


Step 2.

Create the Address Object with the second WAN IP Address:

Name: <string>

Zone Assignment: WAN

Type: Host

IP Address: 49.228.132.46


Step 3.

Add the Access Rule:

From WAN to LAN

Source: Any (or specific IP, range, network)

Destination: second WAN IP Address Object

Service: Any (specific service)


Step 4.

Add NAT Policy:


Original Source: Any

Translated Source: Original

Original Destination: second WAN IP Address Object

Translated Destination: SRV-01 Object (IP 10.0.0.1)

Original Service: Any

Translated Service: Original

Inbound Interface: X1

Outbound Interface: Any

Related Articles

  • Using 31-Bit Prefixes on IPv4 Address Error: Index of the interface: Invalid IP Address
    Read More
  • How to block a website using CFS 4.0 CLI commands
    Read More
  • How to Configure Wire / Tap mode in SonicOS
    Read More

Categories

Firewalls
TZ Series
Networking
Firewalls
NSa Series
Networking
Firewalls
NSv Series
Networking
not finding your answers?
Ask the Community
was this article helpful?
YesNo