Static Route Help - Firewalls


Thread: Static Route Help

  1. Static Route Help

    I am in the process of installing a new network. New T1, new sonicwall
    pro 3060 firewall, the works. The WAN port on the sonicwall is a
    static public ip address. I have the lan on a private network. What I
    need to do is get a public ip address to function within the private
    network. Not using the DMZ. I am wondering if this is even possible. I
    am very clueless to static routes. Any help would be appreciated.

  2. Re: Static Route Help

    On Feb 1, 9:10 pm, WISP wrote:
    > I am in the process of installing a new network. New T1, new sonicwall
    > pro 3060 firewall, the works. The WAN port on the sonicwall is a
    > static public ip address. I have the lan on a private network. What I
    > need to do is get a public ip address to function within the private
    > network. Not using the DMZ. I am wondering if this is even possible. I
    > am very clueless to static routes. Any help would be appreciated.


    maybe you could try one-to-one NAT...

  3. Re: Static Route Help

    WISP wrote:
    > I am in the process of installing a new network. New T1, new sonicwall
    > pro 3060 firewall, the works. The WAN port on the sonicwall is a
    > static public ip address. I have the lan on a private network. What I
    > need to do is get a public ip address to function within the private
    > network. Not using the DMZ. I am wondering if this is even possible. I
    > am very clueless to static routes. Any help would be appreciated.


    c'mon, the pro 3060 is a decent device, read the documentation if you will be working on it.

    assuming you have "enhanced" OS, which is most likely:

    assuming you got an IP range from your ISP
    you create an object for "server ip inside"
    create an object for "server IP outside"

    create NAT from "server IP outside" to "server ip inside"
    create NAT from "server ip inside" to "server IP outside"

    create firewall rule:
    from Zone: WAN to LAN, allow any source to "server IP outside" whatever service you want

    you're done.


    if you actually want to use the public IP in your LAN without NAT:


    create object "public_ip" in LAN with public IP


    create NAT entry: "public_ip" to any -keep original (which means do _not_ perform nat)
    (do it in both directions if you want it to be reached from the outside, and add firewall rule)

    since this is more specific than the one to many default rule (perform NAT on all LAN IPs with Sonicwall Public IP) it
    will work.

    now this "public_ip" is accessible from outside and has Internet Access.

    now you need to add a static route for the LAN zone to _not_ take default gateway, if it wants to access "public_ip"

    actually, I believe Sonicwall will add this entry automatically, once you create the object on the LAN Zone.
    just check your routing table after creating the object.

    M

  4. Re: Static Route Help

    WISP wrote:
    > I am in the process of installing a new network. New T1, new sonicwall
    > pro 3060 firewall, the works. The WAN port on the sonicwall is a
    > static public ip address. I have the lan on a private network. What I
    > need to do is get a public ip address to function within the private
    > network. Not using the DMZ. I am wondering if this is even possible. I
    > am very clueless to static routes. Any help would be appreciated.


    yes it's possible.

    short version:


    create object "public_IP_onlan" in the LAN Zone

    create NAT rule: "public_IP_onlan" to any - keep original (on Interface WAN)
    means "public_IP_onlan" will _not_ be nat'ed, when it accesses internet.

    check routing table - Sonicwall might have already created a route for all firewalled IPs to NOT take default gateway
    to reach "public_IP_onlan"

    if not create that rule.

    the 3060 is a decent box, if you keep working with it, read the documentation, you can do a lot with it.

    M
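
Added example, not part of any post in the thread and not SonicOS code: a simplified Python model of the two checks the replies describe, namely that a more specific "keep original" NAT policy wins over the default many-to-one policy, and that a host route keeps traffic for the public IP on the LAN instead of sending it to the default gateway. The addresses, the `NatPolicy` class and the function names are constructed for illustration, and most-specific-match ordering is assumed as the posts state it.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class NatPolicy:
    name: str
    orig_src: str              # source object the policy matches (CIDR)
    trans_src: Optional[str]   # None models "keep original" (no NAT)

def most_specific(entries, addr, net_of):
    """Longest-prefix match: of all entries containing addr, pick the narrowest."""
    ip = ipaddress.ip_address(addr)
    hits = [e for e in entries if ip in ipaddress.ip_network(net_of(e))]
    return max(hits, key=lambda e: ipaddress.ip_network(net_of(e)).prefixlen,
               default=None)

def egress_source(policies, src):
    """Source address a packet carries once it has left the WAN interface."""
    policy = most_specific(policies, src, lambda p: p.orig_src)
    if policy is None or policy.trans_src is None:
        return src             # no policy, or "keep original": not translated
    return policy.trans_src

def out_interface(routes, dst):
    """Interface chosen for dst from a list of (cidr, interface) routes."""
    route = most_specific(routes, dst, lambda r: r[0])
    return route[1] if route else None

# Constructed sample data (RFC 5737 / RFC 1918 documentation ranges).
WAN_IP = "203.0.113.2"             # firewall's own public address
PUBLIC_IP_ONLAN = "203.0.113.10"   # public address assigned to a LAN host
POLICIES = [
    NatPolicy("default many-to-one", "0.0.0.0/0", WAN_IP),
    NatPolicy("public_IP_onlan keep original", PUBLIC_IP_ONLAN + "/32", None),
]
ROUTES_NO_HOST_ROUTE = [("0.0.0.0/0", "WAN"), ("192.168.1.0/24", "LAN")]
ROUTES = ROUTES_NO_HOST_ROUTE + [(PUBLIC_IP_ONLAN + "/32", "LAN")]

if __name__ == "__main__":
    for src in ("192.168.1.50", PUBLIC_IP_ONLAN):
        print(src, "leaves the WAN as", egress_source(POLICIES, src))
    print("without host route ->", out_interface(ROUTES_NO_HOST_ROUTE, PUBLIC_IP_ONLAN))
    print("with host route    ->", out_interface(ROUTES, PUBLIC_IP_ONLAN))
```

The last two lines of output are the routing-table check both replies recommend: if the host route is missing, traffic for the public IP is sent out the WAN interface.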
