
How to Configure Firewall LAN and Wireless Access

Last Modified: 2012-05-06
We have a Sonicwall firewall providing access to a DC and Terminal Server. The LAN interface is 10.56.43.15. Users have their workstations set up to access this server using the LAN address (10.56.43.15) as the gateway address. Upon starting their computers a script is executed mapping their network drives. We would like to replace the existing firewall with a Sonicwall TZ 190 which provides usual router configurations as well as wireless capabilities. The users would like to take their notebook computers to the board room and still be able to access their mapped drives using the wireless component of the firewall. The wireless LAN address (10.1.0.246) is in a different subnet making this ability impossible. Is there a way to make the wireless component work similar to the wired LAN component?

Rob Hutchinson, Tech Lead, Desktop Support

Commented:
What about changing the Wireless LAN onto the same subnet as the LAN?

Your security will come from the Wireless users using the wireless security. They do not have to be on a different subnet and then routed into your local network.

Maybe just enable passthru for the Wireless network so that users connecting to your network via the wireless get the same type of connection as if they were connected via a hardwire connection.

Author

Commented:
WiR - when I try to change the wireless interface address to the same address as the LAN address I get a "same subnet" message. Passthru sounds like the solution - how would I set that up? Thanks
Irwin W.

Commented:
The TZ190 allows you to configure two SSIDs; one for your guest network and another for your public network. This would be based on their credentials.

Commented:
I believe I had something like this set up on a Sonicwall TZ170. My wireless users were on a different subnet, but there was no NAT or firewalling being performed on the wireless. Basically it would just route packets normally between interfaces without filtering or anything.

Author

Commented:
We would like to keep everyone on the same subnet. This is a domain configuration and some users have workstations wired to the switch and some use notebooks wired to the switch. The notebook users would like the freedom to move to the boardroom for conferences or meetings with clients and be able to access their folders on the terminal server through the wireless connection. Basically log in as usual either through their local area connection or wireless. Thanks.
Irwin W.

Commented:
Rereading your original support question, you need to configure 802.1x wireless authentication (p362 of your TZ190 admin guide). Also you will need to configure 802.1x wireless authentication for your domain (http://support.microsoft.com/kb/837911).

Short of doing the above two steps, you will have to place a batch script on the user's desktop that they can use to manually connect to their shares after they have logged on with their cached credentials.

Author

Commented:
nap - thanks for this. Another hurdle to cross is the networked printers in the office. They are all set with static IP addresses in the 10.56.43.X range. Is there no way to bridge this configuration to allow the use of one address subnet in both the router and the wireless component?
Irwin W.

Commented:
On your TZ190 did you configure your Wireless internal network to be on the same subnet as your wired computers?

You should be able to put your printers on the same subnet as your workstations. Just make sure that in your DHCP scope, you exclude a range of IPs that will be used for static assignments.

Author

Commented:
nap - it looks like I cannot change the IP address configurations. The TZ190 is both a LAN firewall and a wireless firewall hence the requirement for the separate subnets on each interface. I may try an access rule to allow WLAN to LAN access and LAN to WLAN access - this may allow the jump across the two subnets. What are your thoughts on this?
Irwin W.

Commented:
I use Cisco APs and what they do is that when the user authenticates, if they are a guest it segments them from the corp vlan. When they authenticate as a corp user, it moves them into the corp network.

You may want to contact Sonicwall support and see if the Enhanced OS supports such a feature. Otherwise, I think the Global VPN client might be the other choice for connectivity and you do not have to open any ports.

Author

Commented:
nap - I will contact Sonicwall support and see what solution they may have. Thanks

Commented:
Please share the resolution, as I have also encountered this similar situation with a tz 190 w.

Thank you
We were able to resolve this issue by setting up "Zones" in the firewall to work between the interfaces.
san7an4 let me know if you need more information regarding our resolution.


Author

Commented:
Please close this question as a solution has been achieved. Thanks
I would like more details on how you set up the zones, please!