• SonicOS 7.0
• Overview
  • About SonicOS
  • SonicOS Workflow
  • How to Use the SonicOS Administration Guides
  • Guide Conventions
• Interfaces
  • About Interfaces
    • Physical and Virtual Interfaces
      • Physical Interfaces
      • Virtual Interfaces (VLAN)
      • Subinterfaces
    • SonicOS Secure Objects
    • One Arm Mode and Single Interface Support
    • Transparent Mode
    • IPS Sniffer Mode
      • Sample IPS Sniffer Mode Topology
    • Firewall Sandwich
    • HTTP/HTTPS Redirection
      • HTTP/HTTPS Redirection with DP Offload
    • Enabling DNS Proxy on an Interface
    • LTE Modem Support
    • LAN Bypass
  • Interface Settings IPv4
    • Adding Virtual Interfaces
      • Configuring General Settings for Virtual Interface
      • Configuring Advanced Settings for a Virtual Interface
      • Configuring Virtual Interfaces (VLAN Subinterfaces)
    • Configuring Routed Mode
    • Enabling Bandwidth Management on an Interface
    • Configuring Interfaces in Transparent IP Mode (Splice L3 Subnet)
      • Configuring Advanced Settings for a Transparent IP Mode Interface
    • Configuring Wireless Interfaces
      • Configuring Advanced Settings for a Wireless Interface
    • Configuring WAN Interfaces
      • Configuring Advanced Settings for a WAN Interface
      • Configuring Protocol Settings for a WAN Interface
    • Configuring Tunnel Interfaces
    • Configuring VPN Tunnel Interfaces
    • Configuring Link Aggregation and Port Redundancy
      • Link Aggregation
        • Link Aggregation Failover
        • Link Aggregation Limitations
        • Link Aggregation Configuration
      • Port Redundancy
        • Port Redundancy Failover
        • Port Redundancy Configuration
    • Configuring One Arm Mode
    • Configuring an IPS Sniffer Mode Appliance
      • Configuration Task List for IPS Sniffer Mode
      • Configuring the Primary Bridge Interface
      • Configuring the Secondary Bridge Interface
      • Configuring SNMP
      • Configuring IPS Sniffer Mode
    • Configuring Security Services (Unified Threat Management)
      • Configuring Logging
      • Connecting a Mirrored Switch Port to an IPS Sniffer Mode Interface
      • Connecting and Configuring a WAN Interface to the Data Center
    • Configuring Wire and Tap Mode
      • Configuring an Interface for Wire Mode
      • Configuring Wire Mode for a WAN/LAN Zone Pair
      • Configuring Wire Mode with Link Aggregation
    • Layer 2 Bridged Mode
      • Key Features of SonicOS Layer 2 Bridged Mode
      • Key Concepts to Configuring L2 Bridged Mode and Transparent Mode
      • Comparing L2 Bridged Mode to Transparent Mode
        • Comparison of L2 Bridged Mode to Transparent Mode
        • Benefits of Transparent Mode over L2 Bridged Mode
        • ARP in Transparent Mode
        • VLAN Support in Transparent Mode
        • Multiple Subnets in Transparent Mode
        • Non-IPv4 Traffic in Transparent Mode
        • ARP in L2 Bridged Mode
        • VLAN Support in L2 Bridged Mode
        • L2 Bridge IP Packet Path
        • Multiple Subnets in L2 Bridged Mode
        • Non-IPv4 Traffic in L2 Bridged Mode
      • L2 Bridge Path Determination
      • L2 Bridge Interface Zone Selection
        • Security Services Directionality
        • Access Rule Defaults
        • WAN Connectivity
      • Sample Topologies
        • Wireless Layer 2 Bridge
        • Inline Layer 2 Bridged Mode
        • Perimeter Security
        • Internal Security
        • Layer 2 Bridged Mode with High Availability
        • Layer 2 Bridged Mode with SSL VPN
        • WAN to LAN Access Rules
      • Configuring Network Interfaces and Activating L2B Mode
        • Installing the Appliance between the Network and an SSL VPN Appliance
        • Configuring or Verifying Settings
      • Configuring Layer 2 Bridged Mode
        • Configuration Task List for Layer 2 Bridged Mode
        • Configuring the Common Settings for L2 Bridged Mode Deployments
          • Licensing Services
          • Disabling a DHCP Server
          • Configuring SNMP Settings
          • Enabling SNMP and HTTPS on the Interfaces
          • Enabling Syslog
          • Activating Security Services on Each Zone
          • Creating Access Rules
          • Configuring Log Settings
          • Configuring Wireless Zone Settings
        • Configuring Layer 2 Bridged Mode Procedure
          • Configuring the Primary Bridge Interface
          • Configuring the Secondary Bridge Interface
          • Configuring an L2 Bypass for Hardware Failures
        • VLAN Integration with Layer 2 Bridged Mode
        • VPN Integration with Layer 2 Bridged Mode
      • Asymmetric Routing
    • Configuring Interfaces for IPv6
  • 31-Bit Network Settings
    • 31-Bit Network Environment Example
    • Configuring a 31-Bit Network in SonicOS
  • PPPoE Unnumbered Interface Support
    • Sample Network Topography
    • Caveats
    • Configuring a PPPoE Unnumbered Interface
    • Configuring HA with PPPoE Unnumbered
• Failover & LB
  • Settings
  • Groups
  • Statistics
• Neighbor Discovery
  • NDP Cache
    • Flushing the NDP Cache
  • Static NDP Entries
    • Adding Static NDP Entries
    • Editing Static NDP Entries
    • Deleting Static NDP Entries
  • NDP Settings
• ARP
  • ARP Cache
    • Flushing the ARP Cache
  • Static ARP Entries
    • Viewing Static ARP Entries
    • Adding Static ARP Entries
    • Editing Static ARP Entries
    • Deleting Static ARP Entries
    • Secondary Subnets with Static ARP
      • Adding a Secondary Subnet
        • Secondary Subnet Example
  • ARP Settings
• MAC IP Anti-Spoof
  • MAC IPv4 and IPv6 Anti-Spoof Settings
  • Configuring MAC IP Anti-Spoof Settings
  • Anti-Spoof Cache
  • Spoof Detected List
• Web Proxy
  • User Proxy Servers
  • Proxy Forwarding
    • Adding User Proxy Servers
    • Editing User Proxy Servers
    • Deleting User Proxy Servers
• PortShield Groups
  • SonicOS Support of X-Series Switches
    • About the X-Series Solution
    • Performance Requirements
    • Key Features Supported with X-Series Switches
    • PortShield Functionality and X-Series Switches
      • Different Traffic Scenarios with PortShield
      • Prerequisites for PortShielding X-Series Switches
      • Dell X-Series Daisy-Chaining Support
        • Assumptions and Dependencies
        • Daisy-chaining Support
    • PoE/PoE+ and SFP/SFP+ Support
    • X-Series Solution and SonicPoints
    • Managing Extended Switches using GMS
    • Extended Switch Global Parameters
    • About Links
      • About Uplink Interfaces
      • Criteria for Configuring an Uplink Interface
    • Logging and Syslog Support
  • Supported Topologies
  • Port Graphics
  • Port Configuration
  • External Switch Configuration
  • External Switch Diagnostics
    • Switch Information
    • Statistics
    • Firmware Management
  • Configuring PortShield Groups
    • Configuring PortShield Interfaces on NETWORK | System > Interfaces
    • Configuring PortShield Interfaces with the PortShield Interface Guide (TZ Series Firewalls Only)
    • Configuring PortShield Interfaces on NETWORK | System > PortShield Groups
    • Configuring External Switch PortShield Groups from Port Graphics
• PoE Settings
  • Enabling PoE on the Appliance
• VLAN Translation
  • Mapping Modes
  • Mapping Persistence
  • Map Multiple Interface Pairs
  • Creating and Managing VLAN Maps
    • Creating a VLAN Map
      • Creating a Wire Mode Pair in Secure Mode
      • Creating the VLAN Mapping
    • Managing VLAN Mappings
      • Editing Mappings
      • Filtering Mappings
      • Deleting Mappings
• IP Helper
  • Using IP Helper
    • About IP Helper
      • VPN Tunnel Interface Support for IP Helper
      • DHCPv6 Relay
        • About DHCPv6 Relay
        • Configuring DHCPv6 Relay
    • IP Helper Settings
      • Relay Protocols
      • Policies
      • DHCP/DHCPv6 Relay Leases
  • Configuring IP Helper
    • Enabling IP Helper
    • Managing Relay Protocols
      • Adding User-Defined Relay Protocols
      • Deleting Custom Protocols
    • Managing IP Helper Policies
      • Adding an IP Helper Policy
      • Editing an IP Helper Policy
      • Deleting IP Helper Policies
    • Filtering which DHCP Relay Leases are Displayed
    • Displaying IP Helper Cache from TSR
• Dynamic Routing
  • Route Advertisement
  • OSPFv2
    • General Settings
  • OSPFv3
  • RIP
  • RIPng
  • Settings
• DHCP Server
  • Configuring a DHCP Server
    • Configuring the DHCP Server Settings
      • Configuring the DHCP Server for DNS Proxy
    • Configuring DHCP Server Lease Scopes
    • Current DHCP Leases
      • Current DHCP Leases IPv4
      • Current DHCP Leases IPv6
    • DHCPv6 Relay
  • Configuring Advanced Options
    • Configuring DHCP Option Objects
    • Configuring DHCP Option Groups
    • Configuring a Trusted DHCP Relay Agent Address Group (IPv4 Only)
    • Enabling Trusted DHCP Relay Agents
    • Configuring IPv4 DHCP Servers for Dynamic Ranges
      • Add DHCP Dynamic Scope
      • DNS/WINS
      • Advanced
    • Configuring IPv6 DHCP Servers for Dynamic Ranges
      • Add DHCPv6 Dynamic Scope
      • DNS
      • Advanced
    • Configuring IPv4 DHCP Static Ranges
      • Adding Static Range Configuration Settings
    • Configuring IPv6 DHCP Static Ranges
    • Configuring DHCP Generic Options for DHCP Lease Scopes
      • RFC-defined DHCP Option Numbers
    • DHCP and IPv6
• Multicast
  • Multicast Policies
    • Creating a Multicast Address Object
    • Creating a New Multicast Address Group
  • IGMP State
  • Enabling Multicast
    • Enabling Multicast on a LAN-Dedicated Interface
    • Enabling Multicast Support for Address Objects over a VPN Tunnel
• Network Monitor
  • About Network Monitor Policies
  • Configuring Network Monitor Policies
  • Deleting Network Monitor Policies
• AWS Configuration
  • AWS Security Credentials
    • IAM Group and User
  • Firewall Configuration
    • Test Connection
• SonicWall Support
  • About This Document

Configuring WAN Interfaces

• Configuring Advanced Settings for a WAN Interface
• Configuring Protocol Settings for a WAN Interface

A default gateway IP is required on the WAN interface if any destination is required to be reached through the WAN interface that is not part of the WAN subnet IP address space, regardless whether we receive a default route dynamically from a routing protocol of a peer device on the WAN subnet.

Configuring a WAN interface enables Internet connectivity. You can configure up to N minus 2 WAN interfaces on the appliance, where N is the number of interfaces defined on the unit (both physical and VLAN). Only X0 and MGMT interfaces cannot be configured as WAN interfaces.

To configure your WAN interface

1. Navigate to NETWORK | System > Interfaces.
2. Click on the Edit icon in the Configure column for the Interface you want to configure. The Edit Interface dialog displays.
3. If you are configuring an unassigned Interface, select WAN from the Zone menu. If you selected the Default WAN interface, WAN is already selected in the Zone menu.

4. Select one of the following WAN Network Addressing Modes from IP Assignment.

   Depending on the option you choose from the IP Assignment drop-down menu, the options available change. Complete the corresponding fields that are displayed after selecting the option.

   • Static - configures the appliance for a network that uses static IP addresses.
   • DHCP - configures the appliance to request IP settings from a DHCP server on the Internet. NAT with DHCP Client is a typical network addressing mode for cable and DSL customers.
   • PPPoE - uses Point to Point Protocol over Ethernet (PPPoE) to connect to the Internet. If a username and password is required by your ISP, enter them into the User Name and User Password fields. This protocol is typically found when using a DSL modem.
   • PPTP - uses PPTP (Point to Point Tunneling Protocol) to connect to a remote server. It supports older Microsoft Windows implementations requiring tunneling connectivity.
   • L2TP - uses IPsec to connect a L2TP (Layer 2 Tunneling Protocol) server and encrypts all data transmitted from the client to the server. However, it does not encrypt network traffic to other destinations.
   • Tap Mode (1-Port Tap) - allows insertion of the appliance into a network for use with network taps, port mirrors, or SPAN ports. For detailed information, see Configuring Wire and Tap Mode.
   • Wire Mode (2-Port Wire) - allows insertion of the appliance into a network, in Bypass, Inspect, or Secure mode. For detailed information, see Configuring Wire and Tap Mode.
   • Static One Arm Mode - only one firewall interface with a static IP address is used, and all traffic comes into and out from the same interface. See Configuring One Arm Mode.
   • DHCP One Arm Mode - only one firewall interface with a DHCP IP address is used, and all traffic comes into and out from the same interface. See Configuring One Arm Mode.
5. If using DHCP, optionally enter a descriptive name in the Host Name field and any desired comments in the Comment field.
6. If using PPPoE, PPTP, or L2TP, additional fields display:
   • If Schedule is displayed, select the desired schedule from the drop-down menu during which this interface should be connected.
   • In User Name and User Password, type in the account name and password provided by your ISP.
   • If the Server IP Address field is displayed, enter the server IP address provided by your ISP.
   • If the (Client) Host Name field is displayed, enter the host name of the appliance. This is the firewall name from System > Administration | Firewall Administrator.
   • If the Shared Secret field is displayed, enter the value provided by your ISP.
7. If you want to enable remote management of the appliance from this interface, select the supported management protocol(s): HTTPS, Ping, SNMP, and/or SSH.
   • To allow access to the WAN interface for management from another zone on the same appliance, access rules must be created. For information about creating access rules, see SonicOS Policies Administration Guide.
8. If using PPPoE, PPTP, or L2TP, additional fields display:

   • For PPPoE, choose one of the following:

     • Obtain IP Address Automatically to get the IP address from the PPPoE server.
     • Specify IP Address and enter the desired IP address into the field to use a static IP address for this interface.

     • Unnumbered interface and either:

       • Select an unnumbered interface.
       • Create a new unnumbered interface by selecting Create new Unnumbered Interface.

       The interface must be unassigned.

   • For PPTP or L2TP, configure these options:

     • From IP Assignment, select either:

       • DHCP; the IP Address, Subnet Mask, and Gateway Address fields are automatically provisioned by the server.
       • Static, enter the appropriate values for these fields.
     • Select Inactivity Disconnect and enter the number of minutes of inactivity after which the connection is terminated. Clear this option to disable inactivity timeouts.

9. If using DHCP, optionally choose:

   • Request renew of previous IP on startup to request the same IP address for the WAN interface that was previously provided by the DHCP server.
   • Renew DHCP lease on any link up occurrence to send a lease renewal request to the DHCP server every time this WAN interface reconnects after being disconnected.

   The fields displayed below these options are provisioned by the DHCP server. After provisioning, these buttons are available; choose:

   • Renew to restart the DHCP lease duration for the currently assigned IP address.
   • Release to cancel the DHCP lease for the current IP address. The connection is dropped. You need to obtain a new IP address from the DHCP server to reestablish connectivity.
   • Refresh to obtain a new IP address from the DHCP server.
10. To allow selected users with limited management rights to log directly into the appliance from this interface, select HTTP and/or HTTPS in User Login.
11. Check Add rule to enable redirect from HTTP to HTTPS, if you want an HTTP connection automatically redirected to a secure HTTPS connection to the appliance. For more information about this option, see HTTP/HTTPS Redirection.
12. Continue the configuration on the Advanced and Protocol tabs (if displayed) as described in Configuring Advanced Settings for a WAN Interface.
13. To continue with Advanced settings; go to Configuring Advanced Settings for a WAN Interface.
14. If you selected PPPoE, PPTP, or L2TP for IP Assignment, go to Configuring Protocol Settings for a WAN Interface.
15. Click OK.