
WAN and DMZ with different public subnets, route to DMZ?

We have two public subnets currently in use in a Sonicwall and are moving them to an XG.

WAN
.67.180/22

DMZ
.68.192/26

The WAN interface is on .67.182. The DMZ interface is on .68.193.

On the Sonicwall, the DMZ interface has a 0.0.0.0 gateway and servers in that subnet get .68.193 as their gateway. There is an auto-added "NAT" policy for the interface by enabling "Use routed mode", which says "don't do NAT translation and route DMZ to WAN".

We're not sure how to do this on the XG: make the WAN port route traffic in and out of the DMZ. There is some inward access from the DMZ to a few services in the LAN, and the LAN can hit the DMZ directly. I've seen suggestions in this thread and the one linked in it that it's achievable.
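The routed-mode behaviour described above (the public DMZ block leaves the WAN untranslated, the private LAN is still masqueraded, and DMZ hosts are on-link for both the Internet and the LAN with no NAT in between) modelled as a forwarding decision, as an added example that is not from this thread and not Sophos or Sonicwall code. All addresses are constructed placeholders (RFC 2544 and RFC 1918 ranges), the WAN gateway and the LAN subnet are assumptions, and the reverse-path check is the sanity test a firewall should apply to a setup with two public subnets.

```python
# Added example (not from the thread): a model of "routed mode" forwarding for
# two public subnets behind one firewall. Addresses are constructed placeholders
# from the RFC 2544 benchmarking range, not the poster's real prefixes.
import ipaddress as ip

# Constructed interface table: zone -> (interface address/prefix, gateway or None).
# A None gateway is the "0.0.0.0 gateway" of the original: the subnet is on-link.
INTERFACES = {
    "WAN": (ip.ip_interface("198.18.67.182/22"), ip.ip_address("198.18.64.1")),
    "DMZ": (ip.ip_interface("198.18.68.193/26"), None),
    "LAN": (ip.ip_interface("10.10.0.1/24"), None),   # assumed private LAN
}
# Zones whose addresses are publicly routable and must leave WAN untranslated.
ROUTED_ZONES = {"DMZ"}

def zone_of(addr):
    """Return the directly connected zone owning addr, else None (Internet)."""
    a = ip.ip_address(addr)
    for name, (iface, _gw) in INTERFACES.items():
        if a in iface.network:
            return name
    return None

def forward(src, dst, ingress):
    """Decide egress zone, next hop and source NAT for one flow.

    Raises ValueError when the source address belongs to a zone other than the
    one the packet arrived on (reverse-path check), e.g. a packet arriving on
    WAN that claims a DMZ source address."""
    src_zone = zone_of(src)
    internet_source = src_zone is None and ingress == "WAN"
    if src_zone != ingress and not internet_source:
        raise ValueError(f"spoofed source {src} on {ingress}")
    egress = zone_of(dst) or "WAN"
    iface, gw = INTERFACES[egress]
    # On-link zones deliver straight to the host; WAN goes via the ISP gateway.
    next_hop = gw if gw is not None else ip.ip_address(dst)
    # Only non-routed (private) sources are masqueraded behind the WAN address;
    # the routed public DMZ keeps its own address in both directions.
    snat = None
    if egress == "WAN" and src_zone not in ROUTED_ZONES:
        snat = INTERFACES["WAN"][0].ip
    return {"egress": egress, "next_hop": str(next_hop),
            "snat": str(snat) if snat is not None else None}
```

LAN-to-DMZ and DMZ-to-LAN flows come back with no SNAT at all, which is the "0-hop trip" between two directly attached interfaces: only an allow rule is needed, not a NAT rule.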



Thanks Luk.

What's the best option for the LAN to DMZ? There are a few things that the DMZ talks inward to the LAN to get that are currently allowed by access rules in the Sonicwall. Traffic between DMZ and LAN or vice versa appears as a 0-hop trip. Do we need anything other than the regular LAN to WAN NAT for that to work?
