Network at the New Office (SonicWall as Firewall)

Hi,

1) The company will be moving to a new location within Months
- Now , there are  some activities in the new location (maybe around 40 %)

2) The Vendor has put the T1 connection in the new office
3) Yesterday, the consultant has done "activities" related to the computer network
- I heard that they install the "SonicWall" (as Firewall ?)
4) My question: Would somebody explain the configuration of this SonicWall? What would be given by T1 Vendor to the company at this time (at least)?What "input" or "parameters" which should be put in this SonicWall (as FireWall)? I heard the consultant said that they could ping the SonicWall (from the old office), etc.  Please describe it with your own wordings firstly and provide links if necessary
5) Thank you

tjie
tjieAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

NetEngineerFoxCommented:
The sonicwall is an all-in-one firewall,VPN,AV,content filtering device.  Without knowing the exact model it would be difficult to tell you exactly what function it is serving in the new office.

If someone told you they can ping the sonicwall from the old office, most likely the new T1 services are online and functioning.  They probably pinged the WAN port of the sonicwall device.

As far as input parameters on the sonicwall, this is an endless question, because there are so many different settings to change on the device.  It all depends what you are trying to do.  The sonicwall has many components, and those components may or may not be availiable, depending on what license was purchased with the device.  Lucking the sonicwall does come with some handy wizards to help you with the configuration process.

The interface basically looks like the attached image (depending on model)
sonicwall-network-network.png
0
tjieAuthor Commented:
NetEngineerFox,

 Would you more explanation related to items as the followings :

1) What is the "WAN" (as seen in the screen-shot above); is it the IP address of Wan Service provider , right?; but it belongs to the Old Office or the New Office [I believe that the Wan Service Provider should give it to the Old Office and the New Office; or it does not matter at all as it is "outside" (the old and new office)]

2) Say it the Subnet used by the old office is 192.168.61.0/24 .....
- How you configure the above SonicWall (as seen in the screen-shot above) ?
- Just put it the "IP address" as "192.168.61.1" (This must be the "gateway's IP address" or ANY address of the above subnet)??

3) By the chance, How to configure the "VPN" for the above (or i have to open new discussion for it?)

4) Thank you

tjie
0
NetEngineerFoxCommented:
The "WAN port" that I referred to is where the T1 or cable modem, or DSL modem would plug in to.  This is the port that gets a public IP address and is pingable from the outside (or your old office for example).

You would simply configure the "LAN" port on your old subnet 192.168.61.X (usually 192.168.61.1 for simplicity), and then configure the DHCP settings to hand out addresses in the subnet (unless you will have a DHCP server windows or otherwise taking care of this).

VPN can be configured in several ways, the most common of which is:
1) site-to-site VPN tunnel
2) remote access VPN

You can read up on the sonicwall documentation site for configuration of the VPN.
0
Fred MarshallPrincipalCommented:
To be honest, I'm a bit uncomfortable with this.
You already have a consultant and there's not enough information to suggest that the approach is anything but reasonable - and certainly not enough to criticize.  So, this begs the question "why don't you ask the consultant?"  But that's none of my business.....
The questions indicate that you are likely far away from being able to deal with firewall settings, etc. but more power to you to try to learn!  

I would be very concerned over: "Who has the knowledge and control of the firewall settings?"  This is not to be taken lightly and *somebody* has to have it all under configuration management (backed up configurations, etc.) and there needs to be universal agreement as to what changes are made.  That's not to say that there can't be a handoff from the consultant to you but just knowing that there *is* a handoff could be very important.  Joint "ownership" is a bad idea unless there is a very good system in place to communicate, etc.

As far as the public IP addresses, a lot depends on the ISP.  You only mention "the vendor" for the T1 in the new office but don't say whether the vendors are the same for both offices.  
- If it's the same ISP/vendor then maybe you can have the public IP(s?) move from the old office to the new office.  It may be as simple as assigning them yourself out of the pool you are given.  This requires coordination with the ISP.
- If it's not the same ISP/vendor then it could well be a problem to move the IP from one to another unless you can bring the "old" vendor to the "new" location, etc.

You would likely configure the firewall to have an appropriate public IP address on the WAN that comes out of your pool/subnet from the ISP and this might include a subnet mask - or, if you have but a single IP address then that will be it.   One way or another you need to have DNS IP addresses for the outside world and those are typically servers run by the ISP.   The firewall needs to know where to send DNS requests.

The ability to ping the sonicwall simply means this:
- it is connected to the internet with a public IP address
- it is configured to respond to pings on the public / WAN interface
- it is responding; so it is really "there" and functioning to that extent - which is good!  
A ping is a message that's sent from "here" to "there" asking the computer "there" to respond.  When responses are received back "here" then that proves the computer "there" is "alive" to that extent at least.  It doesn't tell you much of anything about what's behind that interface otherwise.
You can ping inside your LAN from computer to computer using IP address on a command line:
ping 192.168.1.222
and this will either result in responses from that address or not.
You can often ping inside your LAN using a computer's name:
ping hilda
and the responses will tell you what hilda's IP address is among other things.
You can also ping public IP addresses or names.
ping 72.30.2.43
and
ping www.yahoo.com
will both get you responses from the same company.
The first one using an IP address will get you responses from a particular computer.
The second one using a URL/name first gets you an IP address (this is where DNS Domain Name Service comes in) and then gets responses from that IP address.  Doing it this way may cause the IP address returned and used to vary according to how the company has set up their servers, etc.
Using names is more robust because the underlying IP addresses can change over time and we have no idea what the time frame might be.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware Firewalls

From novice to tech pro — start learning today.