SonicWall – Configuring WAN X1


I have a modem-router device. The device is connected to a DSL phone line to connect its router to the internet; in this setting the device has a public IP address (provided by the ISP) and a local subnet, 10.0.0.0/24.

Now any PC can connect to the internet through this device by connecting an Ethernet cable and obtaining a local IP address from its subnet. Simple….

The problem:

I have a SonicWall NSA 220 device that I need to install behind the modem-router device.

I need to have my local network connected to the SonicWall then in turn have the SonicWall connected to the modem-router device to access the internet. How do I configure the SonicWall WAN port to do this?

P.S. I managed to configure a SonicWall interface in the LAN zone, and now I have a local network with subnet 192.168.168.0/24. So the question, in other words: how do I get this network connected to the internet?

Best Answer

The best answer will be to ask your ISP to either exchange your modem-router combo device for a modem-only device OR see if they can switch it into Bridge mode (where it becomes only a modem and no longer acts as a router). [I have a Cisco modem-router device from my cable ISP that is like that; I called them and they did something on their end, then had me reboot it, and it was no longer a router.]

If you CAN'T do that (or if you need to get up and running fast) then you CAN connect your SonicWALL behind the modem-router device; it will be double-NAT. Some services will be less happy about that but most won't care.

Just configure X1/WAN with an IP on the 10.0.0.0/24 subnet. Your LAN clients (on 192.168.168.0/24) will be NAT'd by the SonicWALL to a 10.0.0.x IP and then NAT'd again by the modem-router device to your actual public IP.

For outbound this isn't an issue. For INBOUND you will need to open ports on your modem-router (pointing to your X1/WAN IP) as well as create NAT rules on your SonicWALL. Or you can look for a "DMZ" option in the modem-router which forwards all ports to the specified IP (basically a wide-open ANY/ANY/ANY NAT rule) -- common on consumer-grade routers.

Note: Some of these modem-router combo devices (which, to be honest, are not great and not designed for business use) will only perform NAT/pass traffic for IPs they have assigned by DHCP; in that case you may need to set X1/WAN to DHCP and have it obtain an IP from the modem-router device. If yours is a 2wire brand this may be the case.

I have configured a SonicWALL NSA 240 (the precursor to the 220) behind another router doing NAT and it wasn't a problem; I just had to create rules on both. The only limitation is that the SonicWALL won't allow the same subnet on two interfaces, so you can't also use 10.0.0.0/24 for your LAN.

But if I were you I would contact the ISP and ask to either get them to switch it to Bridge Mode (if possible) or exchange it for an actual DSL modem, so the SonicWALL gets the Public IP on the X1/WAN IP (using Static, PPPoE, DHCP, etc). If not, you will be limited by the speed/resources/abilities of the combo device, which I suspect are not nearly as robust as the NSA 220.
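
The following is an added example, not part of the original answer and not SonicWALL code: a small Python audit of the double-NAT plan described above. It checks the X1/WAN address and the no-shared-subnet limitation, then works out which inbound ports actually reach a LAN host through both NAT hops, with and without the modem-router "DMZ" option. The addresses 10.0.0.2, 10.0.0.50 and the 192.168.168.x hosts, the port numbers, and the rule that an explicit port forward takes precedence over the DMZ host are all assumptions made for illustration.

```python
import ipaddress

def check_plan(upstream_net, wan_ip, lan_net):
    """Return a list of problems with the double-NAT addressing plan."""
    up = ipaddress.ip_network(upstream_net)
    lan = ipaddress.ip_network(lan_net)
    wan = ipaddress.ip_address(wan_ip)
    problems = []
    if wan not in up:
        problems.append("X1/WAN IP is not on the modem-router subnet")
    elif wan in (up.network_address, up.broadcast_address):
        problems.append("X1/WAN IP is the network or broadcast address")
    # The firewall will not accept the same subnet on two interfaces.
    if lan.overlaps(up):
        problems.append("LAN subnet overlaps the modem-router subnet")
    return problems

def exposed_ports(router_forwards, router_dmz_ip, wan_ip, firewall_nat):
    """Return {port: lan_host} reachable from the internet via both NAT hops.

    router_forwards: {port: target_ip} port forwards on the modem-router
    router_dmz_ip:   modem-router DMZ host (receives all other ports) or None
    firewall_nat:    {port: lan_host} inbound NAT rules on the firewall
    """
    reachable = {}
    for port, host in firewall_nat.items():
        # Assumption: an explicit forward wins over the DMZ catch-all.
        first_hop = router_forwards.get(port, router_dmz_ip)
        if first_hop == wan_ip:  # hop 1 must land on X1/WAN
            reachable[port] = host
    return reachable

# Constructed sample values, not taken from any real configuration.
WAN_IP = "10.0.0.2"
ROUTER_FORWARDS = {443: "10.0.0.2", 3389: "10.0.0.50"}
FIREWALL_NAT = {443: "192.168.168.10", 25: "192.168.168.20",
                3389: "192.168.168.30"}

if __name__ == "__main__":
    print(check_plan("10.0.0.0/24", WAN_IP, "192.168.168.0/24"))
    print(check_plan("10.0.0.0/24", WAN_IP, "10.0.0.0/24"))
    print("forwards only:",
          exposed_ports(ROUTER_FORWARDS, None, WAN_IP, FIREWALL_NAT))
    print("with DMZ:",
          exposed_ports(ROUTER_FORWARDS, WAN_IP, WAN_IP, FIREWALL_NAT))
```

With the DMZ option enabled, every inbound NAT rule on the firewall becomes internet-reachable unless the modem-router forwards that port elsewhere, so the firewall's own rule set is then the only filter.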