Simulating Transparent Mode for Multiple Subnets




SonicOS Simulating Transparent Mode for Multiple Subnets

Introduction

One of the recent enhancements made to SonicOS Enhanced was the ability to support transparent, or bridge, mode. This refers to the capability to support addresses within the same subnet space on both an external (WAN) and an internal (LAN) interface. A limitation of this feature is that the firewall may only support one transparent range, so if a scenario is encountered which requires support for additional transparent ranges, a workaround must be utilized. Fortunately, SonicOS Enhanced truly is a "Swiss army knife"; its rich array of features and configuration options provides the flexibility to integrate into even the most complex and demanding environments.

Real-World Application

A web-hosting provider wishes to firewall web servers in transparent mode to provide web hosting without host headers (each site has its own address). This avoids a potential scenario where some Content Filtering Provider intentionally blacklists one of the hosted sites but inadvertently blocks access to all other sites by virtue of them sharing the same IP address. In this scenario, assuming the web-hosting service provider has a successful, growing business, there is a continual requirement for additional IP addresses. When additional public addresses are requested from a COLO, the additional address space is frequently neither contiguous with nor within the previously assigned address space(s).

Functional Requirements

The example in Figure 1 below illustrates the type of functionality that is required in the aforementioned scenario. Notice that the COLO has supplied two Internet feeds to the web-hosting service provider and that each has a separate class C subnet associated with it. Also notice that in this hypothetical configuration the firewall is configured to support both subnets in transparent mode.
Figure 1

Since at this time SonicOS Enhanced does not support a second transparent range outside the scope of the primary WAN subnet, it cannot be configured precisely as the graphic illustrates. There are, however, several methods of implementing a workaround that will provide nearly identical functionality and should be suitable for most situations.

Solution #1

This solution is useful in situations where the use of a stub subnet for routing between the COLO/ISP's router and the SonicWALL WAN interface is not an option. It is the most cumbersome of all the solutions in terms of internal addressing and configuration data entry, but it provides an acceptable workaround without any changes to the currently used WAN addressing except for the subnet mask.

The following table shows the breakdown. The first network (highlighted in blue) will be used as the stub subnet between the COLO/ISP's router and the SonicWALL's WAN interface. Since network number .128 (highlighted in yellow) contains the most hosts, it will be used as the primary subnet for the internal interfaces (X0 & X3). The remainder of the subnets will be supported as secondary subnets on their respective interfaces.

This solution utilizes a new feature in SonicOS 3.0 called Static ARP to accomplish the goal. Through the use of static ARP publishing, the SonicWALL can be configured to support secondary subnets on a single physical interface. Figure 2 below illustrates this configuration.

Figure 2

Solution #2

This scenario utilizes different physical interfaces for each subnet. In this and the other three example workarounds you will need the cooperation of the COLO/ISP in terms of providing you with a stub subnet (/30) for purposes of routing between their router(s) and the SonicWALL's WAN interface(s). Figure 3 below illustrates this configuration.

Figure 3

Solution #3

This scenario utilizes the same physical interface to support multiple subnets. Like the first solution, this solution also utilizes the new Static ARP feature in SonicOS Enhanced 3.x. Figure 4 below illustrates this configuration.

Figure 4

Solution #4

The final solution uses VLAN technology to partition multiple subnets. It utilizes another new feature in SonicOS Enhanced 3.x: VLAN support. The use of this solution requires a VLAN-capable switch to which the servers will connect. All but one of the switch's ports are grouped into two VLANs and the remaining port is configured to trunk all VLANs. The SonicWALL's X0 interface is configured with two sub-interfaces to support the incoming VLAN trunk.

To demonstrate the flexibility of all three solutions, Figure 5 shows a variation that utilizes only one upstream router. The router is configured to route multiple class C subnets to a single IP assigned to the firewall's X1 interface. Realize that this is just one variation; many are possible.

Figure 5

Lab Setup

Before implementing this or any other solution into production, it's a good idea to familiarize oneself with the various details involved in configuring it. For this lab setup, solution #4 will be detailed in a step-by-step manner. Solution #4 was chosen because it utilizes most of the configuration options of the other solutions, exposes you to some practical usage of the new VLAN functionality in SonicOS Enhanced 3.x, and because it's the most scalable and practical of the solutions. Figure 6 illustrates the setup.

Figure 6

1. Configure your VLAN switch for two VLANs. Assign them VLAN IDs of 11 and 12 respectively. Configure the switch to trunk both VLANs to one port and connect that port to the SonicWALL's X0 interface.

2. Assign a static IP address to server #1 of 11.1.1.2. Use a mask of 255.255.255.0 and 11.1.1.1 as the default gateway. Connect this server to a port in VLAN 1.

3. Assign a static IP address to server #2 of 12.1.1.2. Use a mask of 255.255.255.0 and 12.1.1.1 as the default gateway. Connect this server to a port in VLAN 2.

4. At the SonicWALL, go into the Network > Interfaces configuration page and click the Add Interface button. In the popup window that appears, enter the following values:
   4.1. Zone: LAN
   4.2. VLAN Tag: 11
   4.3. Parent Interface: X0
   4.4. IP Assignment: Static
   4.5. IP address: 11.1.1.1
   4.6. Subnet Mask: 255.255.255.0

5. Click the OK button to save your settings. It should look something like this:

6. Create another sub-interface and assign it an IP address of 12.1.1.1 and a VLAN tag of 12. All other parameters are the same as the first sub-interface you created. When done it should look something like this:

7. Go to the Firewall > Access Rules configuration page and create a rule in the WAN > LAN intersection that allows ping from any source to 11.1.1.2 and 12.1.1.2. You may create an address object group to accomplish this with one access rule. When done it should look something like this:

8. Go to the Network > NAT Policies configuration page and locate the two auto-created NAT policies that NAT the X0:V11 and X0:V12 subnets to the WAN Primary IP. Disable them. It should look something like this:

9. Connect a laptop to a switch or hub outside of the firewall. Assign it a public address on the same network as the WAN interface of the SonicWALL. Figure 6 above shows actual Comcast Cable Internet Service public addresses. Change your addressing accordingly.

10. Next, enter the static routes that will configure your laptop to access the 11.1.1.0/24 and 12.1.1.0/24 networks via the SonicWALL's WAN IP address. Open a command prompt and enter the following commands:

    ROUTE ADD 11.1.1.0 MASK 255.255.255.0 SonicwallWanIP
    ROUTE ADD 12.1.1.0 MASK 255.255.255.0 SonicwallWanIP

11. Be sure to substitute whatever your SonicWALL's WAN IP address is for the SonicwallWanIP parameter.

Optional:

1. Go into the IIS manager program and then open the Default Web Site Properties window. Configure the following options:
   a. Documents tab. Add index.shtml to the list of default documents. It should look like this:
   b. Click the OK button when done.

2. Using Notepad or some other text editor, create a new file in the c:\inetpub\wwwroot directory and call it Index.shtml. Edit this file and enter the following lines (you can copy and paste):

    <HTML>
    <script language="javascript">
    // IIS replaces the server-side include below with the client's address.
    var ip = '<!--#echo var="remote_addr"-->';
    function ipval() { document.myform.ipaddr.value = ip; }
    window.onload = ipval;
    </script>
    <H3>Your IP Address is:
    <form method="post" action="" name="myform">
    <input type="text" name="ipaddr" readonly>
    </form></H3>
    </HTML>

3. Save the file. Its function is to display the source IP address of any client accessing the site. Test the setup by opening a browser to http://localhost. It should display your IP address on the web page.

Testing

From the laptop, try to ping 11.1.1.2 and then 12.1.1.2. You should get responses in both cases. From servers 11.1.1.2 and 12.1.1.2, access the website on the external laptop. You should see the original IP addresses of both servers.

Document Created: 06/07/2005
Last Updated: 06/17/2008
Version 1.1
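The source-address check from the Testing section can also be run over the external laptop's web server log, which shows whether the auto-created NAT policies from step 8 are really disabled. The script below is an added example, not part of the original SonicWALL document. It assumes a constructed log layout and uses the documentation address 203.0.113.10 as a stand-in for the SonicwallWanIP placeholder.

```python
import ipaddress

# Lab values from the page: the two VLAN sub-interfaces and the two servers.
SUBINTERFACES = {
    "X0:V11": ipaddress.ip_interface("11.1.1.1/24"),
    "X0:V12": ipaddress.ip_interface("12.1.1.1/24"),
}
SERVERS = {"11.1.1.2": "server #1", "12.1.1.2": "server #2"}

# Assumption: stand-in for the SonicWALL WAN IP, which the page leaves as
# the SonicwallWanIP placeholder. 203.0.113.10 is a documentation address.
WAN_IP = ipaddress.ip_address("203.0.113.10")

# Constructed sample: "date time client-ip method uri status" lines as the
# external laptop's web server might log them. Not taken from the page.
SAMPLE_LOG = """\
2005-06-07 10:01:12 11.1.1.2 GET /index.shtml 200
2005-06-07 10:01:40 203.0.113.10 GET /index.shtml 200
2005-06-07 10:02:05 192.0.2.77 GET /index.shtml 200
"""

def classify(src):
    """Say what a client address tells us about the firewall's NAT state."""
    addr = ipaddress.ip_address(src)
    if addr == WAN_IP:
        return "translated"             # an auto-created NAT policy is still on
    for name, iface in SUBINTERFACES.items():
        if addr in iface.network:
            return "preserved:" + name  # original server address survived
    return "other"

def audit(log_text):
    """Summarise a log: servers seen untranslated, NAT hits, servers missing."""
    seen, translated, other = set(), 0, []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        src = fields[2]
        try:
            verdict = classify(src)
        except ValueError:
            continue                    # third field is not an IP address
        if verdict == "translated":
            translated += 1
        elif verdict.startswith("preserved") and src in SERVERS:
            seen.add(src)
        else:
            other.append(src)
    return {"preserved": sorted(seen), "translated_hits": translated,
            "missing": sorted(set(SERVERS) - seen), "other": other}

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```

A non-zero `translated_hits` or a non-empty `missing` list means at least one server is still being translated to the WAN primary IP or has not reached the laptop at all.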