Get a 5 or 8 port switch.
Plug the Frontier Cat 6 cable in one of the ports.
Plug your routers in the other ports (The WAN/Internet ports of the routers).
Program the WAN/Internet port for each router to one of the static IP Addresses.

Done.

Edit: Yes, you can plug the other WAN port into the switch, but everything on the LAN side will be on the same network.

it would depend on how you wanted to use it.

if you wanted those two IP addresses completely separated, you should be able to put a switch behind the ONT. from the switch, run one cable to the existing firewall and a second cable from the switch to a second firewall. each firewall gets set up with a different static IP address and is completely separate from each other.


OR, if you have a firewall that supports multiple WAN IP addresses being provided to it, you leave it wired as-is, but then go into the firewall and set up NAT/PAT to point that second static IP address to a second LAN network. FOr instance, I have one static IP address that is routed to the DMZ port on my firewall so that the company that sub-leases space in our building has IP access without being able to access my network resources.

The firewall does allow more than one WAN, and I like the idea of leaving everything wired as is, but the first WAN interface is configured as a static IP address, and was confused by the other config options. For instance, PPPoE, etc.

when you mean more that one WAN, are you talking about multiple WAN ports, or that it supports multiple WAN IP addresses on a single port?

For instance, on my system, I have multiple WAN ports on the firewall, and each port has multiple IP addresses available on it.

I'll give you some example IP addresses.

my IP provides me with the following IP address range (made up). 100.31.38.1/26

the gateway on the IP side is 100.31.38.1 . my firewall's WAN port is assigned to be 100.31.38.2 with the subnet mask to be 255.255.255.192 which gives me 62 IP addresses. that is all statically set. no PPPoE or DHCP.

on the LAN side, I set the internal network to be 10.0.0.0/16. all clients go out on the internet on the 100.31.38.2 address.

once that is set, then I go into the firewall and just map a second external IP address (100.31.38.3) to point to a specific server (10.0.1.10) with NAT/PAT address translation.

I also take a second LAN port on the firewall and create a second network on that port. 192.168.10.0/24 and make a second network on it with the public IP address of 100.31.38.61.


multiple WAN ports are more for secondary ISP connections, not to split one ISP connection into multiple WAN connections just so you can assign a dedicated IP address to each port.

not sure exactly which sonicwall firewall you have, but here is a starting point for you.

What are you trying to accomplish? It's possible your solution is as simple as port forwarding.

Just use a switch if you want truly separate networks, such as for a tenant or guest etc to use their own NAT router/firewall on one of the other public IPs. It is hard to give advice without knowing exactly what your goals are and what firewall or router you have.

But based on what little you did describe - just get a switch, put it between the ONT and the routers or firewalls you want to create private networks behind.

Yes, this SonicWall is a TZ300, and any of the interfaces (ports) are configurable as a WAN. Since we already have one interface configured as a WAN with static IP, I thought I had to create a second WAN for another static IP. The goal is that we would also have 2 LAN interfaces, and that those LANs would be completely separate networks. So I thought we would do something like this:



When you say that each of your WAN ports on the firewall has multiple IP addresses available on it, do you mean public IP addresses? It would be great if we could somehow use 2 of the public static IP addresses through a single WAN interface on the firewall, and perhaps configure a second LAN interface for traffic that originates from that second static IP.

I see you say that WAN ports are only for secondary ISP connections, not to split the one, but Verizon/Frontier told us that all 5 IP addresses were on the single CAT6 cable, so that's why I'm a little confused here.

yes.

I have 2 WAN connections going to my firewall. one is a SPrint Fiber connection that has 62 public IP addresses on it.. it all comes in on one WAN connection.

for my second WAN connection (used for failover and load-balancing), it is a wireless internet connection that has 5 public IP addreses on it, like your situation. again. all 5 addresses are available to the firewall on that single line.

yes, you only need one WAN cable from the ONT to the firewall. all 5 IP addresses are exposed to the firewall via that one cable.

in your example, LAN port one is set up with t he 192.168.0.0/24 network and has x.x.x.1 public IP address NAT/PAT'ed to it. and then for LAN port two, you have 10.0.0.0/24 network on it, with x.x.x.2 public IP address pointed to it.


you need to look in the firewall for NAT or PAT settings to let you do that public IP address > private LAN network programming.

if you'd rather not do hat, then you need to run a second firewall for the second network. ONT > Switch > two cables, one to each firewall.

Is the LAN range different than the static WAN IP?

I sure hope so, since both LAN ranges posted are non-routable networks. if Frontier gave him 5 non-routable IP addresses as his WAN addresses, he's gonna have a problem.

Yes, the LAN IP ranges are private non-routable IPs, and the WAN IPs are standard public class A network addresses. Nothing fancy.

Let me re-phrase: The static IP's, are they a different subnet than the WAN static IP?

IE: Wan Static: 12.12.12.50
5 IP block: 12.12.10.24 /29 (12.12.10.25 - .30)

I honestly don't know. I've been wearing the network tinkerer hat for about 4 days. Is there anything I should be aware of?