Help me set up 2 public IPs on our firewall

Man of Honour
Joined
17 Oct 2002
Posts
9,711
Location
Retired Don
Hi guys,

We have a Sonicwall TZ180 firewall, and 2 public IPs provided by our internet service.

So far we've been using one public IP, which is the WAN IP on the firewall, and we have some access rules set up for port forwarding.

We now have a need to run 2 websites on port 443 on 2 different virtual servers, so we need to use the 2nd public IP that we have, but I have no idea how to configure this on the firewall.

Any help would be great!
 
Man of Honour
OP
Joined
17 Oct 2002
Posts
9,711
Location
Retired Don
Just been doing some more reading, will I need to put a switch in between the WAN switch and the Firewall, and plug the server requiring the 2nd public IP directly into it with the public IP as its static IP, with the rest plugged into the firewall?

Thanks,

Mal
 
Soldato
Joined
17 Jul 2008
Posts
7,367
If I understand right,

you have a no-NAT WAN router that connects to a firewall,

you need to plug the WAN router into a switch,

then simply plug the firewall into the switch, and the new box...

you can always use host headers to have several web sites on the same port on the same box.

(you tell the web server that www.a.com goes to web site 1, and www.b.com goes to web site 2)
 
Man of Honour
OP
Joined
17 Oct 2002
Posts
9,711
Location
Retired Don
If I understand right,

you have a no-NAT WAN router that connects to a firewall,

you need to plug the WAN router into a switch,

then simply plug the firewall into the switch, and the new box...

you can always use host headers to have several web sites on the same port on the same box.

(you tell the web server that www.a.com goes to web site 1, and www.b.com goes to web site 2)

Thanks for that.

I was considering host headers, but this is for https port 443 sites, so I don't think that will work easily!

Cheers,

Mal
 
Soldato
Joined
17 Jul 2008
Posts
7,367
I admit I only took 30s and only half read the article, but...

http://www.microsoft.com/technet/pr...108-b1a7-494d-885d-f8941b07554c.mspx?mfr=true

You can configure Web sites that use host headers to serve protected content over a Secure Sockets Layer (SSL) connection, that is, a connection that uses https:// instead of http://. To use SSL with host headers, you must obtain and install a wildcard server certificate. After you configure SSL host headers for a Web site, protected content is served only over an https:// connection.
 
Soldato
Joined
27 Feb 2003
Posts
7,171
Location
Shropshire
Which version of SonicOS is the TZ running - Standard or Enhanced?

That makes a big difference in setting up the port forward. Everything can stay behind the SonicWall.
 
Soldato
Joined
27 Feb 2003
Posts
7,171
Location
Shropshire
One-to-One NAT it is then. From the web GUI:

Network > One-to-One NAT
Enable it and add your new server with the relevant internal and public IPs (public will be the second one you have off your ISP). Note there's no need to "declare" this IP on the interface section.

Then in Firewall > Access Rules
Create a new rule to allow HTTPS from * (or just WAN) through to the LAN with the private IP of your new server

There's some screen shots based on SonicOS Standard 2.0 on page 6 onwards here (PDF).

HTH,
Chris.
 
Soldato
Joined
27 Feb 2003
Posts
7,171
Location
Shropshire
Not a problem, the NAT engine in the firewall will look after the translation and direct traffic accordingly.

As an example...

Say your internal servers with the HTTPS site were 192.168.10.11 and .12. You could have two rules to allow HTTPS from the WAN to each IP. Or, you can have a single rule to allow HTTPS with the destination as the range 192.168.10.11-12.

I've found an extra bit of documentation:

You have three web servers on the LAN with the IP addresses of 192.168.1.10, 192.168.1.11, and 192.168.1.12. Each of the servers must have a default gateway pointing to 192.168.1.1, the SonicWALL security appliance LAN IP address.

You also have three additional IP addresses from your ISP, 208.1.2.4, 208.1.2.5, and 208.1.2.6, that you want to use for three additional web servers. Use the following steps to configure One-to-One NAT:

1. Select Enable One-to-One NAT.
2. Click Add. The Add NAT Entry window is displayed.
3. Enter in the IP address, 192.168.1.10, in the Private Range Begin field.
4. Enter in the IP address, 208.1.2.4, in the Public Range Begin field.
5. Enter in 3 in the Range Length field.

For the firewall rule:

Configure the following settings:
• Allow
• Service - HTTP (or HTTPS)
• Source - WAN
• Destination - LAN 192.168.1.10 - 192.168.1.12
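
Added example, not part of the thread or of SonicWall's documentation: a simplified Python model of the One-to-One NAT entry and access rule quoted above, showing how a Range Length of 3 pairs the public and private addresses and which inbound packets the rule then lets through. The class and function names are hypothetical, and dropping anything unmapped or unmatched (default deny from WAN to LAN) is an assumption of the model.

```python
# Added example: simplified model of a One-to-One NAT entry plus one access rule.
# Not SonicOS code; the addresses are the ones quoted in the thread.
from dataclasses import dataclass
from ipaddress import IPv4Address as IP


@dataclass(frozen=True)
class NatEntry:
    private_begin: IP
    public_begin: IP
    length: int

    def to_private(self, public_ip):
        """Return the private address for a public one, or None if unmapped."""
        offset = int(public_ip) - int(self.public_begin)
        if 0 <= offset < self.length:
            return self.private_begin + offset
        return None


@dataclass(frozen=True)
class AllowRule:
    port: int
    dst_first: IP
    dst_last: IP

    def permits(self, dst, port):
        return port == self.port and self.dst_first <= dst <= self.dst_last


def inbound(nat, rules, public_dst, port):
    """Translate a WAN packet's destination, then apply the allow rules.
    Anything unmapped or unmatched is dropped (default deny is assumed)."""
    private = nat.to_private(IP(public_dst))
    if private is None:
        return ("drop", None)
    if any(r.permits(private, port) for r in rules):
        return ("allow", str(private))
    return ("drop", str(private))


def uncovered(nat, rules, port):
    """Mapped private hosts that no rule allows on `port` (unreachable from WAN)."""
    hosts = [nat.private_begin + i for i in range(nat.length)]
    return [str(h) for h in hosts if not any(r.permits(h, port) for r in rules)]


NAT = NatEntry(IP("192.168.1.10"), IP("208.1.2.4"), 3)
RULES = [AllowRule(443, IP("192.168.1.10"), IP("192.168.1.12"))]
```

Running `uncovered(NAT, RULES, 443)` after any change to the rule's destination range is a quick way to spot a mapped server that the rule no longer reaches.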
 