Installation of Sonicwall NSA 240

hi everyone,

We just purchased an NSA 240 for our small office. Unfortunately, despite my best efforts, I must be missing something big. I've tried several different things but the packets just won't travel.

Let me explain how we've got things set up - first, the line from our ISP comes in to the cable modem. The modem has its own built-in routing and firewall, etc, but that's all disabled. The modem feeds into a small Linksys router/wireless point. That's where we've got everything built. We're using its firewall and NAT. From there, it goes over to our switch, and everything is golden.

I was advised to deploy the firewall between the modem and router. While reading through the documentation for the NSA 240, however, I noticed one of the deployment scenarios involves using the firewall as the gateway, with no other gateways involved (i.e. modem -> firewall -> switch). I'm beginning to think I took a wrong turn here by not setting it up like that.

I set up the NSA 240 without too much trouble, copying over the existing port forwarding and IP addresses. I entered our public IP as the WAN on the firewall, and the local IP of the Linksys as the LAN. Similarly, I entered the local IP of the firewall as the WAN for the router, with its gateway as the LAN.

After applying these changes, unfortunately, I was then unable to get out to the internet. All of the computers were still visible to each other locally, and still were being given IP addresses by our DHCP server, but I was completely unable to get beyond the firewall. This leads me to believe I've made at least one, and probably several big errors here.

Hopefully you fine people would be able to steer me in the right direction. I know I probably got the public/private IP allocation wrong somewhere, and I'm still nagged by the thought of making the firewall itself the gateway.

Lastly, if I go with the "firewall as gateway" scenario, I'll unfortunately still need the Linksys in there somewhere, to provide the WWAN (we don't have the wireless module for the NSA 240). If I wipe  all the settings out of the router, will the two devices be able to peacefully coexist?

Thanks in advance for any light you'd be able to shed on this. I've been at this job a whole two weeks and I'd dearly like to continue being employed.

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

I would recommend installing the NSA240 like so:

Internet modem -> NSA240 ->LAN

Is the linksys only used for wireless access?  If so, put it on one of the other ports off the NSA240, either on a separate zone (like a DMZ) or on the LAN (if you want the wireless network to be able to access the LAN machines).

The WAN on the NSA240 should have your public IP or an IP that talks to the cable modem.  

Hopefully this makes a little sense.  Let me know how it goes.
Do you have a static public IP address?I'd reset the NSA to factory default and configure it from scratch.  Set the WAN to either static IP or DHCP...however your ISP has you set.Once configured, run the public server wizard on the sonicwall for internal Exchange server, FTP, TS, etc.If the model of Linksys you have lets you configure it in bridge/transparent mode, then that's how you should configure it.  Enable the WLAN interface on the NSA and connect the Linksys to it.  When you enable the WLAN and configure it, the NSA will create a DHCP scope for that interface.  With the Linksys in bridge mode (if it's possible), it should pass DHCP to wireless hosts.  Also, don't forget to check the WLAN > LAN and LAN > WLAN firewall access rules once it's configured.  They are Deny by default.  Go to Firewall > Access Rules to see the firewall rules.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
JetPartsEngineeringAuthor Commented:
Thanks for the input everyone.  I will be giving this another shot tonight after hours.

Once it's all configured properly, yes the Linksys will be there solely to provide the wireless.  I'm going to take it out of the equation tonight and just try modem -> firewall -> LAN as suggested.

Thankfully yes we do have a static public IP - I have it entered as such in the firewall.  Unfortunately our Linksys is very bare-bones (WRT54GS), the only modes it supports are  "gateway" and "router".  So I'm a little nervous about having it re-attaching it to the LAN after everything else is set up.
Redefining Cyber Security w/ AI & Machine Learning

The implications of AI and machine learning in cyber security are massive and constantly growing, creating both efficiencies and new challenges across the board. Join our webinar on Sept. 21st to learn more about leveraging AI and machine learning to protect your business.

You won't attach the linksys to the LAN.  Rather, you'll connect it to the WLAN interface on the sonicwall.  Either way, it sounds like its not the right appliance for you.  Either purchase a Sonicwall SonicPoint or run out and get an inexpensive wireless access point.

Regarding the sonicwall WAN, that's good.  It's much less headache that way.  It really will be simply configuring the static IP and you're done.  I'd experiment with the last tab of the WAN interface regarding setting static speed/duplex.  Also, check out this article I wrote for setting the MTU of the WAN interface.  With cable connections, it's important to confirm you have the right settings.
JetPartsEngineeringAuthor Commented:
Good call.  Assuming everything else works tonight, it won't be much of a problem to grab a cheap access point until we can afford the add-in card for the Sonicwall.

Thanks for the link, I hadn't heard about MTUs and datagrams previously.
Sure.  Your sonicwall can already manage sonicpoints.  you only need to connect the sonicwall sonicpoint to the WLAN interface.  the sonicwall sends out a special packet for sonicpoints and if you have a preconfigured sonicpoint profile, it'll automatically configure the sonicpoint so you won't have to configure each individually.  it's very helpful if you have several sonicpoints or if you want to deploy a guest and corporate wireless network.
JetPartsEngineeringAuthor Commented:
Well that was a trip.  We swapped the equipment around, but it turns out our modem needs to be power cycled anytime a new device is plugged into it.  We also had to strip out the protections listed in Network -> Zones.  We will be adding them back in one by one.

We were also able to keep the Linksys as the WAP...we factory reset it and ran through only enough of its setup to get it broadcasting.

Many thanks to you gents!
glad you got it all working and thanks for the points!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Software Firewalls

From novice to tech pro — start learning today.