Network Design

Networks

Collapse -

by Eminent87 · 17 years ago In reply to Network Design

Sorry, I was trying to incorporate a diagram but the format got all screwed up.

Collapse -

by zaferus · 17 years ago In reply to Network Design

I've worked quite a bit with SonicWALLs (a few hundred installs), hopefully I can help.

First of all - having two firewalls is NOT better than one. To get two NAT devices to talk nicely to each other you'll need to do a little dancing in your configuration and it normally causes nothing but headaches in the long run especially as the network grows and changes or if you get VPN involved (even non-SonicWALL) which can then become your own personal nightmare.

Your best configuration option is to:
1. Update your SonicWALL to firmware 6.5.x. Since you have a Generation 2 SonicWALL there will be no cost to upgrade your firmware. Don't forget to save your configuration first and have a copy of 6.4 firmware on hand in case your SOHO/2 pukes during the update. Also you will need a valid mysonicwall account that you used to register the SOHO/2 to begin with to do all of this.

2. Reinstall your ISA server (and remove one NIC). Set it to be a proxy server only. SonicWALL has stateful packet inspection and I believe does a better job firewalling than ISA would anyways.

3. Set your SonicWALL to Proxy Relay (under advanced settings) and put in the IP of your proxy ISA server.

Now you have a solid firewall and a solid proxy server both doing what they do best without interfering with each other. I hope you go with this solution as it is ten times better than a double NAT solution.

Zaf

Collapse -

by Eminent87 · 17 years ago In reply to

Hi Zaf,

Thanks for your input but from what I heard if you configure ISA in cache mode you are limit to what you can do and losing all of the nice functionality that ISA was design for. For example, you cannot restrict messenger or streaming video in cache mode only.

I'm in a process of testing the double NAT scenario in a lab but I can't seem to forward request to the ISA external interface.

Collapse -

by zaferus · 17 years ago In reply to Network Design

If you want to use ISA as a firewall, your best bet may be to put your SonicWALL into "Standard mode". This way it becomes a "bridge" and does not NAT - but will still Firewall. In standard mode it's LAN and WAN IP will be the same.

It should pass traffic straight to your ISA server without complication.

The other thing you can do is set up a static route for the ISA server and the LAN behind it.

Part of your current problem is because of double NAT the SonicWALL does not understand how it can be getting traffic from a network that is not defined to it, or how to get traffic to your LAN as it can only see your ISA server.

This is under advanced - routes. the Gateway setting is the ISA WAN IP, the destination network and subnet is the range of your LAN (just put x.x.x.0 for the IP) and the port would be the LAN port.

Try to update your firmware first if you can some of the older firmwares used to have some bugs with this; but either configuration should work ok.

Zaf

Collapse -

by Eminent87 · 17 years ago In reply to

Hi Zaf,

Thanks for your suggestions, I will give it a try.

Collapse -

by Eminent87 · 17 years ago In reply to Network Design

This question was closed by the author

Networks

General discussion

Network Design

All Comments

Start or search

Create a new discussion

Post type

Subject title

Topic Tags

Message Body

Track this discussion and email me when there are updates

Related Discussions

Linksys Velop: A simple solution for spotty Wi-Fi

Updating local DNS table

File not saving to new local server name

pathping results analysis, cannot connect to a website

Wireless modem and ethernet old computer

Related Forums