  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1311

How to Configure Firewall LAN and Wireless Access

We have a Sonicwall firewall providing access to a DC and Terminal Server. The LAN interface is 10.56.43.15. Users have their workstations set up to access this server using the LAN address (10.56.43.15) as the gateway address. Upon starting their computers, a script is executed mapping their network drives. We would like to replace the existing firewall with a Sonicwall TZ 190, which provides the usual router configurations as well as wireless capabilities. The users would like to take their notebook computers to the board room and still be able to access their mapped drives using the wireless component of the firewall. The wireless LAN address (10.1.0.246) is in a different subnet, making this ability impossible. Is there a way to make the wireless component work similarly to the wired LAN component?
Asked by: Generator

Rob Hutchinson (Desktop Support) commented:
What about changing the Wireless LAN onto the same subnet as the LAN?

Your security will come from the Wireless users using the wireless security. They do not have to be on a different subnet and then routed into your local network.

Maybe just enable passthru for the Wireless network so that users connecting to your network via the wireless get the same type of connection as if they were connected via a hardwire connection.
 
Generator (Author) commented:
WiR - when I try to change the wireless interface address to the same address as the LAN address I get a "same subnet" message. Passthru sounds like the solution - how would I set that up? Thanks
 
nappy_d commented:
The TZ190 allows you to configure two SSIDs: one for your guest network and another for your public network. This would be based on their credentials.
 
amaru21 commented:
I believe I had something like this set up on a Sonicwall TZ170. My wireless users were on a different subnet, but there was no NAT or firewalling being performed on the wireless. Basically it would just route packets normally between interfaces without filtering or anything.
 
Generator (Author) commented:
We would like to keep everyone on the same subnet. This is a domain configuration and some users have workstations wired to the switch and some use notebooks wired to the switch. The notebook users would like the freedom to move to the boardroom for conferences or meetings with clients and be able to access their folders on the terminal server through the wireless connection. Basically log in as usual either through their local area connection or wireless. Thanks.
 
nappy_d commented:
Rereading your original support question, you need to configure 802.1x wireless authentication (p362 of your TZ190 admin guide). Also, you will need to configure 802.1x wireless authentication for your domain (http://support.microsoft.com/kb/837911).

Short of doing the above two steps, you will have to place a batch script on the user's desktop that they can use to manually connect to their shares after they have logged on with their cached credentials.
 
Generator (Author) commented:
nap - thanks for this. Another hurdle to cross is the networked printers in the office. They are all set with static IP addresses in the 10.56.43.X range. Is there no way to bridge this configuration to allow the use of one address subnet in both the router and the wireless component?
 
nappy_d commented:
On your TZ190 did you configure your Wireless internal network to be on the same subnet as your wired computers?

You should be able to put your printers on the same subnet as your workstations. Just make sure that in your DHCP scope, you exclude a range of IPs that will be used for static assignments.
 
Generator (Author) commented:
nap - it looks like I cannot change the IP address configurations. The TZ190 is both a LAN firewall and a wireless firewall, hence the requirement for the separate subnets on each interface. I may try an access rule to allow WLAN to LAN access and LAN to WLAN access - this may allow the jump across the two subnets. What are your thoughts on this?
 
nappy_d commented:
I use Cisco APs and what they do is that when the user authenticates, if they are a guest it segments them from the corp VLAN. When they authenticate as a corp user, it moves them into the corp network.

You may want to contact Sonicwall support and see if the Enhanced OS supports such a feature. Otherwise, I think the Global VPN client might be the other choice for connectivity and you do not have to open any ports.
 
Generator (Author) commented:
nap - I will contact Sonicwall support and see what solution they may have. Thanks
 
san7an4 commented:
Please share the resolution, as I have also encountered this similar situation with a TZ 190 W.

Thank you
 
Generator (Author) commented:
We were able to resolve this issue by setting up "Zones" in the firewall to work between the interfaces.
san7an4 let me know if you need more information regarding our resolution.
 
Generator (Author) commented:
Please close this question as a solution has been achieved. Thanks
 
lockrows_ainsley commented:
I would like more details on how you set up the zones, please!