Hello all,
I have been working away at this off and on and am not getting anywhere fast.
Overview:
We have 5 usable static IPs from Comcast. These come in to a Comcast BWG modem/router. We then have two different SonicWall firewalls connected and each is assigned one of the 5 static IPs from Comcast. In this config, the Comcast is transparent and all is well.
Then we introduced VoIP for external calls via Flowroute. I assigned a third static IP for the PBX behind one of the SonicWalls. Then I found I needed to do some QoS work for the VoIP traffic. Since the Comcast BWG does not expose QoS settings to me, I had to move all traffic through one of the SonicWalls and manage it there. I did that, and it works great. We now have all traffic coming to the BWG, then to one SonicWall (assigned 3 of the static IPs). From there, it is a 1-1 NAT to the other SonicWall (it has a ton of port forward rules that I didn't want to move to this main SonicWall). Then another 1-1 NAT for the PBX. Got this all done, and it works, but I don't like it. I am now having some issues with trying to get extensions outside the network to connect to the (Asterisk-based) PBX. My first intuition is that the NAT in the SonicWall is FUBAR'ing the SIP traffic. I also don't like the layout of the network.
I have tried finding a way to transparently assign the PBX a static IP from Comcast, but would still like a firewall appliance in front of it for reasons of sleeping better at night.
So I guess my question is this: Is there a way to transparently firewall 5 static IPs from Comcast and still assign the public IP to an end device? Can this be done with a SonicWall (TZ 400)? If another box is required, what recommendations do you have?