Smart! I like it. Just be careful as some carrier (especially cell phone carrier) will share an IP with many many many other customers. But still 1000x better than opening it to « any »! Thanks. Haven’t thought about it

Hi Gabriel! Thanks for the feedback. I can surely make a video on DMZ. I already have a few videos lined up. I’ll add it to the list! Thanks

Actually I believe I have done it. Look at my « network segregation » video. Pretty sure I show how to create a DMZ. Have a look and let me know :-)

My pleasure!

That won’t work. Unless you get the first firewall to NAT to your firewall then you can NAT it yourself. But really not optimal. Best would be to get your own internet.

Ok, it´s next in line :-)

I dont play with it. Kid and GF does. They don’t complain :-) PS4 is accessing internet just line any other devices through default NaT policies

You will need an access rule that allows DNS from the lan to the dns zone

Good one. I don’t know the requirements for what you are trying to achieve or event if it’s possible. I won’t be able to help on this one

Agreed, it’s odd to do 2 policies for one thing. Doug Demuro would call that « quirks and features » :-)

Yes you can use other Wan IP you have too

@@JeanPierTalbot What I am trying to do is allow a remote non SSLVPN user to access resources across our site-to-site VPN. I am allowing this now, but the users are SSLVPN users that get assigned an inside address. Using the method discussed here, is that possible?

Hi Syed, Unfortunately I don’t know what it can be. It can be several things. Best would be to contact sonicwall tech support and provide them a diagram of what you are trying to achieve. They should be able to help.

Il not sure il following you. You are outside and want to nat yourself in to manage the firewall? I would advice to manage it from its wan or interface instead. Let me know if I’m off track :-)

@@JeanPierTalbot thank you for the feedback. I want to connect to the firewall from my remote network connected in VPN. From a remote network connected in VPN without NAT it works, but from a remote network connected with NAT it does not work. To access a local server from my remote network it works through NAT, but not firewall access. NAT is configured on the local firewall, not on the remote firewall. Sorry, I'm French, my English is not perfect

I never tried it, but I believe you simply use an address group that contains all the IP you want in the pool. Again, I haven’t tried it :-)

@@JeanPierTalbot I have a couple of IPs that maybe if someone wants to browse they can use. That's the use case I want to implement

@@pipi_delina and you want the user to be able to decide which WAN IP he wants to use? if so, you would need to create users, like user "WAN-IP-1" and create NAT policies to nat "WAN-IP-1" using your 1st WAN IP. then NAT policy for user "WAN-IP-2" using your 2st WAN IP. then you tell user to authenticate to the firewall as user "WAN-IP-1"

@@JeanPierTalbot it was a use case I wanted.. I achieved that by making group objects and used the group for the nat

Remove the Cisco? :-)

Thanks! Some ISP are blocking those ports as they don’t want you to host anything. They want you to pay for their hosting services. Have a look at my NAT video. Try taking a weird port (like 555) and change the port in the NAT FOR 80. Original destination port: 555 Translated destination port: 80

Thank you for the tips, at the end of the day was the gateway security and the packet inspector that block the inbound traffic on that ports. Put the workstation in an exclusion group and everything works now @@JeanPierTalbot

You won’t get any of the security features (IPS, antivirus, URL filtering…) and no support, no warranty, no OS upgrades. You won’t get any on the stuff mention here: www.sonicwall.com/products/firewalls/security-services/security-bundles/ I think over 90% of sales are with the security features. Highly recommended for security

@@JeanPierTalbot thank you you're videos are a huge help

Hi, sorry I’ll need more details. I don’t understand your question. Maybe it’s because it’s Friday and it has been a long week :-)

I want to record the user's ip address when they access rather than sonicwall's wan ip. After I've nat port . Sorry my english is so bad

Sure! Sounds like an easy one. But I have a few lined up already.

I run trixbox for my sonicwall phone numbers. I use iax2 protocol with my cloud voip provider which is NAT friendly. I don’t know how to securely handle voip phone outside and open ports from the outside so they can reach the PBX inside. Especially if you are using SIP as it used 20 000+ ports and does not like NAT. You can reach out to your local sonicwall team, they can put you in touch with a local sonicwall partner that does professional services ($)