Anyone know Sonicwall firewall?

loltim · 8 Mar 2016 at 17:03

I'm trying to set up a basic PPPOE connection to a Vigor 130 ADSL modem and failing. The firewall is a Sonicwall SOHO.

I have configured X1 (WAN) interface as PPPOE and connected this directly to the modem. I've entered the ISP username and password and tried to connect using the static IP. It does not connect. I can connect if I select 'obtain IP address automatically' but this is useless as there is an on-premise Exchange server. I need to use my static IP.

My next thought was to configure X1 as 'Static' rather than 'PPPOE' but there is nowhere to enter the ISP username and password on the modem so this won't work either.

This should be so simple

#Chri5# · 8 Mar 2016 at 17:06

Who is the ISP?

If the static IP is a separate block, I would let the WAN interface pickup a dynamic address. Then create an address object for the static IP you want to use and use this for your incoming NAT & firewall rules to map SMTP/HTTPs (etc) to your on-premise server.

loltim · 8 Mar 2016 at 17:15

BT. Yes. They have a block. Not just one IP.

Would I just need to add my static IP as a WAN Host and replace "WAN Interface IP" in my NAT rule with the new address object I've just created?

#Chri5# · 8 Mar 2016 at 17:37

Yes, that is how I've done similar config's on SonicWalls.

loltim · 8 Mar 2016 at 17:38

Amazing. I will try this. Thanks for your help.

loltim · 8 Mar 2016 at 18:02

Incidentally, could I have just chosen "All Interface IP" or would this cause more problems with security etc?

nutcase · 8 Mar 2016 at 19:33

I use a TZ205 on Zen - they assign an IP for the router and using the automatic setting it works fine. I then use one of the other IPs for servers, using the wizard to bind it to that particular external IP.

#Chri5# · 8 Mar 2016 at 21:19

loltim said:
Incidentally, could I have just chosen "All Interface IP" or would this cause more problems with security etc?

Erm, can't say I've tried "All Interface IP" as I'd expect that to include internal IFs like X0. I wouldn't expect All WAN IP to work as the IP isn't assigned directly to a WAN IF either.

Caged · 8 Mar 2016 at 22:21

When you have a static IP using PPPoE then the same IP will be assigned each time.

What you actually have is a single IP address and then a block on top of that. Add a NAT rule using one of the public IP addresses you have been given and you'll see that it works.

LizardKing · 9 Mar 2016 at 10:38

Never quite got why BT work this way, its been nothing but headaches whenever I've had to use there static ip's

DJMK4 · 9 Mar 2016 at 14:24

I had a few issues with a TZ210 using PPPoE, but its working

However its not a static IP set-up, BT are ridiculous, I dont know why they ever went with them, charging £6.99 per month for a static IP, it should be a £5 one off fee for most providers

Anyway,

X0 Zone LAN connected to their LAN switch

X1 Zone WAN connected to the LAN port of their modem/router (Not the WAN port)

PPPoE settings

Zone: WAN
IP Assignment: PPPoE
Schedule: Always on
Username: [email protected]
Password: obtain from ISP

Obtain IP address automatically (although you can put in static IP)

DNS Servers should be obtained automatically, or you can put your own in,

ensure MTU matches, 1492 is used in the one I set-up,

Reconnect the PPPoE client if the server oes not send traffic for 5 mins.

I used to set-up sonicwalls in previous live, they do work fine

What is your actual issue? check the firewall log. It will give you indication of whats happening when PPPoE tries to initiate

Make sure your router or modem is in bridge mode

loltim · 9 Mar 2016 at 15:24

it's connecting fine, it just wasn't receiving the IP I was expecting so they could receive email to their on-premise Exchange server.

I have created a new interface and plan on taking the modem to site in the next few days.

#Chri5# said:
Erm, can't say I've tried "All Interface IP" as I'd expect that to include internal IFs like X0. I wouldn't expect All WAN IP to work as the IP isn't assigned directly to a WAN IF either.

Yeah I meant All WAN IP. I have seen this set up before but perhaps not with BT.

LizardKing · 9 Mar 2016 at 15:58

loltim said:
it's connecting fine, it just wasn't receiving the IP I was expecting so they could receive email to their on-premise Exchange server.

Setup the X0 as you would to obtain the dhcp ip address, then you should just then be able to use the wizard to publish the Exchange server with the static IP. (just ensure its a usable ip address not the router or broadcast

)

loltim · 11 Mar 2016 at 11:12

#Chri5# said:
Who is the ISP?

If the static IP is a separate block, I would let the WAN interface pickup a dynamic address. Then create an address object for the static IP you want to use and use this for your incoming NAT & firewall rules to map SMTP/HTTPs (etc) to your on-premise server.

This worked fine btw.
Had a bit of a fail when I realised my firewall rule for SMTP hadn't been changed. It was still pointing to 'All WAN IP' which of course didn't work.

Thanks again.

loltim · 11 Mar 2016 at 12:09

Just a thought. I am going to need to add an additional rule to ensure outgoing mail looks like it came from my static IP so it matches the SPF?

Just seems like more and more faff.

I guess the answer is a modem that allows credentials to be stored in it so I can set the Sonicwall interface using Static rather than PPPOE?

#Chri5# · 11 Mar 2016 at 14:03

loltim said:
Just a thought. I am going to need to add an additional rule to ensure outgoing mail looks like it came from my static IP so it matches the SPF?

Just seems like more and more faff.

I guess the answer is a modem that allows credentials to be stored in it so I can set the Sonicwall interface using Static rather than PPPOE?

Yes, but it's only a single extra NAT rule to say SMTP from the private IP of the Exchange is translated to the relevant public IP.

Caged · 11 Mar 2016 at 20:48

Why are you hosting email on an ADSL line?