My boss won't hire a network guy, so I'm trying my best to get this done and help out. I know my way around the SonicWall OS well enough to get into trouble, but I am not an expert by any means. Here is my problem:
We have a simple network protected by a SonicWall NSA 240. It has been running great for a couple of years now. It's a T1, and we have a single usable IP. Recently, we needed to pass PCI compliance for our merchant account credit card system. Everything passes except for 1 item... a video security system DVR that is accessible from the outside world through our IP on port 8080 (incoming) and 5900 (outgoing) (this is hardcoded in the DVR, and cannot be changed - I have verified that with the manufacturer). Because it is accessible, and answers to requests, we have failed our PCI test.
I can get another IP address (although they are making me jump through hoops to get it), but I'm not sure if this would help. I am already using the DMZ on the SonicWall for a public in-store Wi-Fi for our place, and it doesn't appear that I can set up 2 DMZs.
Is there any way I could route this so that the security system DVR would not be accessible and completely segregated on another external IP address? Whether or not it's accessible to the LAN doesn't really matter. I just need it to be on its own external IP address entirely. Obviously, the easiest means to the end here would simply be to get another internet connection (cable or DSL), but we are trying to avoid that extra $50/month when we already have a T1 with plenty of bandwidth.