Need Help: UXG Max - Firewall/Routing

Hi everyone,

I’m hoping someone can help me out with a network configuration question.

I have a UniFi UXG Max installed at a customer site. I’m using my own ISP with a static public IP address, while the customer has their own internal network behind a SonicWall firewall.

The customer provided me with a port on their SonicWall and an internal IP address (e.g., 192.168.150.100). I’d like to route or forward specific traffic from their network through my UXG Max to reach certain appliances or devices on my own network.

What’s the best method to accomplish this, perhaps using static routes, NAT rules, or firewall rules between the two networks?

Any guidance or examples from similar setups would be greatly appreciated.

Thanks in advance!

First, create a VLAN network within UniFi using the IP info they provided - the address of the UCG-Max should be entered as a “Gateway” IP. Disable DHCP just in case something gets put in this network by accident. I refer to this type of network/link as a “Transit”. Assign whatever port you want to this VLAN as Native, and optionally go through the rest of the ports to remove the VLAN from the Allowed list.

Second, make a new Firewall Zone in UniFi to contain this new Network. Create the firewall rules you need, keeping in mind that the default action for custom zones is to block traffic from that zone.

On your side you’ll need to create static routes for each of their networks other than the subnet of the IP they gave you. The next-hop would be whatever IP they have in this subnet on the SonicWall. This is so that the UCG-Max knows how to return responses to any traffic from their networks. The only reason you wouldn’t do this is if they are going to Source NAT (aka Masquerade) all traffic heading to you through this connection.

The customer will also need to make static route(s) to your IP for whatever resources need to be reached.
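The return-route point in the answer above is the one that most often bites in transit-link setups, so here is an added worked example (not from the original poster or the answer, and not UniFi's own code) that models the gateway's routing table and shows where a reply to a customer host would go with and without the static routes. The transit subnet and the UXG Max address 192.168.150.100 come from the question; the SonicWall's transit-side address (192.168.150.1), the customer LANs (10.10.0.0/16, 10.20.0.0/16) and the ISP gateway (203.0.113.1) are constructed placeholders.

```python
import ipaddress

# Constructed example values. Only TRANSIT_NET and UXG_TRANSIT_IP follow the
# question; everything else is an assumption chosen for illustration.
TRANSIT_NET = ipaddress.ip_network("192.168.150.0/24")
UXG_TRANSIT_IP = ipaddress.ip_address("192.168.150.100")
SONICWALL_TRANSIT_IP = ipaddress.ip_address("192.168.150.1")   # assumed
CUSTOMER_LANS = [                                              # assumed
    ipaddress.ip_network("10.10.0.0/16"),
    ipaddress.ip_network("10.20.0.0/16"),
]
ISP_GATEWAY = ipaddress.ip_address("203.0.113.1")              # assumed


def build_routing_table(customer_lans, transit_net, sonicwall_ip, isp_gw,
                        add_static_routes=True):
    """Return the UXG Max routing table as a list of (destination, next_hop).

    The transit VLAN is a connected route (next hop None).  With
    add_static_routes=True each customer LAN gets a static route whose next
    hop is the SonicWall's transit IP, as the answer recommends.  With it
    False we model the case where those routes were never added (or the
    customer masquerades everything, so they are not needed).
    """
    table = [
        (ipaddress.ip_network("0.0.0.0/0"), isp_gw),  # default route to the ISP
        (transit_net, None),                          # connected transit VLAN
    ]
    if add_static_routes:
        for lan in customer_lans:
            table.append((lan, sonicwall_ip))
    return table


def lookup(table, dst):
    """Longest-prefix-match lookup; returns (matched_network, next_hop)."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, next_hop in table:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best


def reply_next_hop(table, request_src):
    """Next hop the gateway would use for the reply to a request from request_src.

    None means the destination is on a connected network (the transit VLAN).
    """
    _, next_hop = lookup(table, request_src)
    return next_hop


def next_hop_is_on_transit(sonicwall_ip, transit_net):
    """Sanity check: a static route's next hop must sit in the connected transit subnet."""
    return sonicwall_ip in transit_net


if __name__ == "__main__":
    with_routes = build_routing_table(CUSTOMER_LANS, TRANSIT_NET,
                                      SONICWALL_TRANSIT_IP, ISP_GATEWAY)
    without_routes = build_routing_table(CUSTOMER_LANS, TRANSIT_NET,
                                         SONICWALL_TRANSIT_IP, ISP_GATEWAY,
                                         add_static_routes=False)
    host = "10.10.5.20"   # constructed customer host behind the SonicWall
    print("reply to", host, "with static routes  ->", reply_next_hop(with_routes, host))
    print("reply to", host, "without routes      ->", reply_next_hop(without_routes, host))
    # If the customer masquerades, requests arrive from the SonicWall's
    # transit IP and the reply is delivered on the connected VLAN.
    print("reply when customer SNATs ->", reply_next_hop(without_routes, str(SONICWALL_TRANSIT_IP)))
```

Without the static routes the reply to 10.10.5.20 matches only the default route and leaves via the ISP, so the customer host never sees it and every session from their LAN half-opens; with the routes it goes back over the transit VLAN to the SonicWall. The masquerade case needs no extra routes because the reply's destination is already on the connected subnet.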