We just ordered a SonicWall NSA 4500 firewall and I am preparing a network diagram for its arrival.
- We have 12 servers in a newly setup rack, a 48-port switch, and a Sonicwall NSA 4500 firewall
- I want 2 VLANs, a DMZ for public traffic and an internal network for which the firewall will provide NAT
- The DMZ VLAN will connect to the firewall PORT 1
- All servers in the DMZ VLAN have public internet-routable IPs (they’re webservers, each box has a 2nd NIC connected to the internal network to talk to the internal boxes, DB/Application servers)
- The internal VLAN will connect to firewall PORT 2
My question is about configuring the firewall with these VLANs.
I’d like to guarantee the bandwidth to the DMZ VLAN isn’t affected by what the internal VLAN will do (the internal VLAN has the potential to saturate its 1Gbit link at times, that shouldn’t affect the DMZ-user traffic).
So from the router can we have 2 ports configured:
- Firewall port 3 is configured with a public internet routable IP and provides the NAT translation to the internal VLAN on port 2 (these two ports are segregated off in their own VLAN on the firewall)
- Firewall port 4 has a separate connection to the upstream gateway. In this case I’m confused about configuring port 4: should it have an IP? I think not, because the DMZ VLAN boxes are all configured with their own public IPs, so in this case the firewall is just forwarding the traffic, correct?
Am I even correct in assuming that I can/should have 2 outbound links, one for each of the 2 VLANs (private and DMZ)?
I'd appreciate the help on this 2nd point of confusion, my primary expertise is in application architecture rather than network architecture.
After finding some documentation on the firewall I'm pretty confident that the answer is that the DMZ network is configured in "Transparent Mode" (or passthrough) on the firewall; the devices on that network won't know the firewall exists.
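The plan described above (a passthrough DMZ on ports 1/4, a NAT'd internal network on ports 2/3, web servers with a second NIC into the internal network) can be sanity-checked before the hardware arrives. The script below is an added example, not the poster's configuration and not SonicWall syntax: it models the zones and hosts and flags the things a reviewer would look for, namely that the two zones really get separate uplink ports (otherwise the internal VLAN can still starve the DMZ), that the NAT uplink has a routable address while the transparent uplink has none of its own, that DMZ addresses are routable and internal ones are RFC 1918, and that any host with NICs in both zones is dual-homed, since traffic between the DMZ and the internal network over that second NIC never crosses the firewall. All addresses are constructed (203.0.113.0/24 stands in for the public block, 10.10.0.0/24 for the internal network); the port numbers follow the post.

```python
"""Sanity checks for the two-zone plan in the post (DMZ passthrough, internal NAT).

Added illustration, not the poster's configuration and not SonicWall syntax.
Addresses are constructed: 203.0.113.0/24 stands in for the public block and
10.10.0.0/24 for the internal network. Port numbers follow the post.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(ip: str) -> bool:
    """True for private (RFC 1918) addresses; anything else is treated as routable."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


@dataclass
class Zone:
    name: str
    inside_port: int          # firewall port facing the servers
    uplink_port: int          # firewall port facing the upstream gateway
    mode: str                 # "nat" or "transparent"
    uplink_ip: Optional[str]  # public address on the uplink, None in transparent mode


@dataclass
class Host:
    name: str
    nics: Dict[str, str]      # zone name -> address on that NIC


def check_plan(zones: List[Zone], hosts: List[Host]) -> List[Tuple[str, str]]:
    """Return (code, message) findings; an empty list means the plan is consistent."""
    findings: List[Tuple[str, str]] = []
    by_name = {z.name: z for z in zones}

    # Bandwidth isolation between zones needs physically separate uplinks.
    uplink_owner: Dict[int, str] = {}
    for z in zones:
        if z.uplink_port in uplink_owner:
            findings.append(("shared-uplink",
                             f"{z.name} and {uplink_owner[z.uplink_port]} share uplink port {z.uplink_port}"))
        uplink_owner[z.uplink_port] = z.name

    # A NAT uplink must own a routable address; a transparent uplink only forwards and needs none.
    for z in zones:
        if z.mode == "nat" and (z.uplink_ip is None or is_rfc1918(z.uplink_ip)):
            findings.append(("nat-uplink-ip",
                             f"{z.name}: NAT uplink on port {z.uplink_port} needs a public IP"))
        if z.mode == "transparent" and z.uplink_ip is not None:
            findings.append(("transparent-uplink-ip",
                             f"{z.name}: transparent uplink on port {z.uplink_port} should not carry its own IP"))

    # Hosts: routable IPs behind the transparent zone, private IPs behind NAT,
    # and flag anything that has a NIC in more than one zone.
    for h in hosts:
        for zname, ip in h.nics.items():
            z = by_name[zname]
            if z.mode == "transparent" and is_rfc1918(ip):
                findings.append(("private-in-passthrough", f"{h.name}: {ip} in {zname} is not routable"))
            if z.mode == "nat" and not is_rfc1918(ip):
                findings.append(("public-behind-nat", f"{h.name}: {ip} in {zname} should be private"))
        if len(h.nics) > 1:
            findings.append(("dual-homed",
                             f"{h.name} spans {sorted(h.nics)}: traffic between those zones bypasses the firewall"))
    return findings


def sample_plan() -> Tuple[List[Zone], List[Host]]:
    """The layout from the post, with constructed addresses."""
    zones = [
        Zone("dmz", inside_port=1, uplink_port=4, mode="transparent", uplink_ip=None),
        Zone("internal", inside_port=2, uplink_port=3, mode="nat", uplink_ip="203.0.113.2"),
    ]
    hosts = [
        Host("web1", {"dmz": "203.0.113.10", "internal": "10.10.0.10"}),
        Host("web2", {"dmz": "203.0.113.11", "internal": "10.10.0.11"}),
        Host("db1", {"internal": "10.10.0.20"}),
        Host("app1", {"internal": "10.10.0.21"}),
    ]
    return zones, hosts


if __name__ == "__main__":
    for code, msg in check_plan(*sample_plan()):
        print(f"[{code}] {msg}")
```

Run as-is, the only findings for the plan in the post are the two `dual-homed` entries for the web servers; that is not a misconfiguration of the firewall but a reminder that the DMZ-to-internal path runs over the second NIC, so whatever filtering you want between a compromised web server and the DB/application servers has to live on those hosts (or on the switch), not on the SonicWall.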