Configuring Multiple WAN Subnets Using Static ARP With SonicOS Enhanced
Answer/Article
Article Applies To:
Affected SonicWALL Security Appliance Platforms:
Gen5: NSA E7500, NSA E6500, NSA E5500, NSA 5000, NSA 4500, NSA 3500, NSA 2400, NSA 240
Gen5 TZ Series: TZ 100, TZ 100 Wireless, TZ 200, TZ 200 W, TZ 210, TZ 210 Wireless,
Gen4: PRO series: PRO 5060, PRO 4100, PRO 4060, PRO 3060, PRO 2040, PRO 1260
Gen4: TZ series: TZ 190, TZ 190 W, TZ 180, TZ 180 W, TZ 170, TZ 170 W
Firmware/Software Version: All SonicOS Enhanced versions.
Services: Multiple WAN Subnet Configuration
Feature/Application:
When the ISP has allocated two public IP address ranges, special configuration is required to allow the SonicWALL
public IP address range for one-to-one NATs. This document describes the two possible configuration methods
Scenario:
ISP provided primary subnet configured on the X1 (WAN) interface: 1.1.1.0/24.
Additional block of IP addresses provided by the ISP: 2.2.2.0/24.
SMTP Server in the LAN to be accessed from outside using 2.2.2.50
Archived -- UTM: Configuring Multiple WAN Subnets Using Static ARP with SonicOS Enhanced (Item Archived 2/10/2011 8:25:07 AM)
Archived -- UTM: Configuring Multiple WAN Subnets Using Static ARP ... https://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=762...
1 of 9 10/2/2012 1:12 PM
Procedure:
Step 1: Create a Static ARP entry for the new network 2.2.2.0 / 24.
Step 2: Create a Static Route
Step 3: Configuring an SMTP server behind the SonicWALL with the new WAN subnet.
Step 1: Creating a Static ARP entry
1. Log in to the SonicWALL Management interface.
2. Navigate to the Network > ARP page and click on the ADD button.
- IP Address: 2.2.2.1 (specify an IP address from the additional subnet)
- Interface: WAN / X1 (because the additional subnet resides on the WAN interface)
- Publish Entry - Enabling this option causes the SonicWALL to respond to ARP queries for the specified IP address with the SonicWALL's MAC address. This box must be checked when creating additional subnets.
3. Click OK.
Step 2: Creating a Static Route
4. Navigate to the Network > Routing page.
5. Click on the Add button. Create the following new route policy.
Creating a new Address Object:
Name: the Address Object for your secondary subnet
Zone: WAN
Type: Network
Network: Enter the Network ID of the Secondary subnet
The final static route policy setting:
Source: Any
Destination: New WAN Subnet
Service: Any
Gateway: 0.0.0.0
Interface: X1
Metric: 20
Secondary subnets can be utilized in both NAT and Transparent Modes.
NOTE: The SonicWALL will not respond to HTTP/HTTPS management traffic on a published Static ARP IP address.
Step 3: Configuring an SMTP server behind the SonicWALL with the new WAN subnet
The SMTP server at 192.168.168.100 will be NATed to the IP address 2.2.2.50 when going out to the Internet. Likewise, it can be accessed from the outside using IP address 2.2.2.50.
1. Create a public and a private address object for the SMTP server
2. Configure an Inbound NAT Policy under Network > NAT Policies
Adding appropriate NAT Policies:
Original Source: Any
Translated Source: Original
Original Destination: SMTP Server_Public
Translated Destination: SMTP Server_Private
Original Service: SMTP
Translated Service: Original
Inbound Interface: Any
Outbound Interface: Any
Comment: Webserver behind SonicWALL.
Enable NAT Policy: Checked
Create a reflexive policy: Checked
3. Create an Access Rule allowing inbound SMTP access
Action: Allow
From Zone: WAN
To Zone: LAN
Service: SMTP
Source: Any
Destination: SMTP Server_Public
Users Allowed: All
Schedule: Always on
Enable Logging: checked
Allow Fragmented Packets: checked
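The three steps only work when their settings agree with each other. As an added example (not part of the original article and not SonicWALL tooling), this Python check models the scenario's values and reports any mismatch between the static ARP entry, the route, the NAT policy and the access rule; the dictionary layout and field names are assumptions made for illustration.

```python
import ipaddress

# Constructed model of the values entered in Steps 1-3 (field names are illustrative).
CONFIG = {
    "wan_interface": "X1",
    "secondary_subnet": "2.2.2.0/24",
    "static_arp": {"ip": "2.2.2.1", "interface": "X1", "publish": True},
    "route": {"destination": "2.2.2.0/24", "gateway": "0.0.0.0", "interface": "X1"},
    "nat": {"public": "2.2.2.50", "private": "192.168.168.100", "service": "SMTP"},
    "rule": {"from": "WAN", "to": "LAN", "service": "SMTP", "destination": "2.2.2.50"},
}

def audit(cfg):
    """Return a list of findings; an empty list means the three steps agree."""
    findings = []
    wan = cfg["wan_interface"]
    secondary = ipaddress.ip_network(cfg["secondary_subnet"])
    arp, route, nat, rule = cfg["static_arp"], cfg["route"], cfg["nat"], cfg["rule"]
    arp_ip = ipaddress.ip_address(arp["ip"])
    public = ipaddress.ip_address(nat["public"])
    reserved = (secondary.network_address, secondary.broadcast_address)

    # Step 1: the published entry must be a host address of the additional subnet.
    if arp_ip not in secondary or arp_ip in reserved:
        findings.append("static ARP IP is not a host address in the secondary subnet")
    if not arp["publish"]:
        findings.append("Publish Entry is off: the firewall will not answer ARP for the entry")
    # Steps 1 and 2: both objects live on the WAN interface.
    if arp["interface"] != wan or route["interface"] != wan:
        findings.append("ARP entry and route must both be on the WAN interface")
    # Step 2: the route covers exactly the additional subnet, gateway 0.0.0.0 as in the article.
    if ipaddress.ip_network(route["destination"]) != secondary:
        findings.append("route destination does not match the secondary subnet")
    if route["gateway"] != "0.0.0.0":
        findings.append("route gateway differs from the 0.0.0.0 used in the article")
    # Step 3: the NAT public address comes from the additional subnet, and the
    # access rule exposes the same address and service as the NAT policy.
    if public not in secondary:
        findings.append("NAT public address is outside the secondary subnet")
    if rule["destination"] != nat["public"]:
        findings.append("access rule destination differs from the NAT public address")
    if rule["service"] != nat["service"]:
        findings.append("access rule service differs from the NAT service")
    return findings

if __name__ == "__main__":
    print(audit(CONFIG) or "configuration is consistent")
```

A rule whose service is wider than the NAT policy's (for example Any instead of SMTP) is reported by the last check, which is the mismatch most worth catching on an inbound WAN rule.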
See Also:
UTM: How to configure Static Route on the SonicWALL
SonicOS Enhanced: Simulating Transparent Mode for Multiple SubNets
SonicOS Enhanced: Using a Secondary Public IP Range for NAT
UTM: Do you need help with Opening Ports, NAT Policies or Firewall Access rules
Related Items
UTM: How to Configure Static Routes in SonicOS (Standard and Enhanced)
UTM : Configuring Multiple WAN Subnets Using Static ARP with SonicOS Standard
Archived -- SonicOS: The log shows "IPSpoof Messages".
KBID 7621
Date Modified 2/10/2011
Date Created 1/12/2010