Installation of Sonicwall NSA 240

Posted on 2010-08-16
Last Modified: 2013-11-16
hi everyone,

We just purchased an NSA 240 for our small office. Unfortunately, despite my best efforts, I must be missing something big. I've tried several different things but the packets just won't travel.

Let me explain how we've got things set up - first, the line from our ISP comes in to the cable modem. The modem has its own built-in routing and firewall, etc, but that's all disabled. The modem feeds into a small Linksys router/wireless point. That's where we've got everything built. We're using its firewall and NAT. From there, it goes over to our switch, and everything is golden.

I was advised to deploy the firewall between the modem and router. While reading through the documentation for the NSA 240, however, I noticed one of the deployment scenarios involves using the firewall as the gateway, with no other gateways involved (i.e. modem -> firewall -> switch). I'm beginning to think I took a wrong turn here by not setting it up like that.

I set up the NSA 240 without too much trouble, copying over the existing port forwarding and IP addresses. I entered our public IP as the WAN on the firewall, and the local IP of the Linksys as the LAN. Similarly, I entered the local IP of the firewall as the WAN for the router, with its gateway as the LAN.

After applying these changes, unfortunately, I was then unable to get out to the internet. All of the computers were still visible to each other locally, and still were being given IP addresses by our DHCP server, but I was completely unable to get beyond the firewall. This leads me to believe I've made at least one, and probably several big errors here.

Hopefully you fine people would be able to steer me in the right direction. I know I probably got the public/private IP allocation wrong somewhere, and I'm still nagged by the thought of making the firewall itself the gateway.

Lastly, if I go with the "firewall as gateway" scenario, I'll unfortunately still need the Linksys in there somewhere, to provide the WWAN (we don't have the wireless module for the NSA 240). If I wipe  all the settings out of the router, will the two devices be able to peacefully coexist?

Thanks in advance for any light you'd be able to shed on this. I've been at this job a whole two weeks and I'd dearly like to continue being employed.

Question by:JetPartsEngineering
  • 4
  • 3

Assisted Solution

jimmyray7 earned 250 total points
ID: 33450650
I would recommend installing the NSA240 like so:

Internet modem -> NSA240 ->LAN

Is the linksys only used for wireless access?  If so, put it on one of the other ports off the NSA240, either on a separate zone (like a DMZ) or on the LAN (if you want the wireless network to be able to access the LAN machines).

The WAN on the NSA240 should have your public IP or an IP that talks to the cable modem.  

Hopefully this makes a little sense.  Let me know how it goes.
LVL 33

Accepted Solution

digitap earned 250 total points
ID: 33451340
Do you have a static public IP address?I'd reset the NSA to factory default and configure it from scratch.  Set the WAN to either static IP or DHCP...however your ISP has you set.Once configured, run the public server wizard on the sonicwall for internal Exchange server, FTP, TS, etc.If the model of Linksys you have lets you configure it in bridge/transparent mode, then that's how you should configure it.  Enable the WLAN interface on the NSA and connect the Linksys to it.  When you enable the WLAN and configure it, the NSA will create a DHCP scope for that interface.  With the Linksys in bridge mode (if it's possible), it should pass DHCP to wireless hosts.  Also, don't forget to check the WLAN > LAN and LAN > WLAN firewall access rules once it's configured.  They are Deny by default.  Go to Firewall > Access Rules to see the firewall rules.

Author Comment

ID: 33456181
Thanks for the input everyone.  I will be giving this another shot tonight after hours.

Once it's all configured properly, yes the Linksys will be there solely to provide the wireless.  I'm going to take it out of the equation tonight and just try modem -> firewall -> LAN as suggested.

Thankfully yes we do have a static public IP - I have it entered as such in the firewall.  Unfortunately our Linksys is very bare-bones (WRT54GS), the only modes it supports are  "gateway" and "router".  So I'm a little nervous about having it re-attaching it to the LAN after everything else is set up.
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

LVL 33

Expert Comment

ID: 33456442
You won't attach the linksys to the LAN.  Rather, you'll connect it to the WLAN interface on the sonicwall.  Either way, it sounds like its not the right appliance for you.  Either purchase a Sonicwall SonicPoint or run out and get an inexpensive wireless access point.

Regarding the sonicwall WAN, that's good.  It's much less headache that way.  It really will be simply configuring the static IP and you're done.  I'd experiment with the last tab of the WAN interface regarding setting static speed/duplex.  Also, check out this article I wrote for setting the MTU of the WAN interface.  With cable connections, it's important to confirm you have the right settings.

Author Comment

ID: 33456841
Good call.  Assuming everything else works tonight, it won't be much of a problem to grab a cheap access point until we can afford the add-in card for the Sonicwall.

Thanks for the link, I hadn't heard about MTUs and datagrams previously.
LVL 33

Expert Comment

ID: 33456906
Sure.  Your sonicwall can already manage sonicpoints.  you only need to connect the sonicwall sonicpoint to the WLAN interface.  the sonicwall sends out a special packet for sonicpoints and if you have a preconfigured sonicpoint profile, it'll automatically configure the sonicpoint so you won't have to configure each individually.  it's very helpful if you have several sonicpoints or if you want to deploy a guest and corporate wireless network.

Author Comment

ID: 33466414
Well that was a trip.  We swapped the equipment around, but it turns out our modem needs to be power cycled anytime a new device is plugged into it.  We also had to strip out the protections listed in Network -> Zones.  We will be adding them back in one by one.

We were also able to keep the Linksys as the WAP...we factory reset it and ran through only enough of its setup to get it broadcasting.

Many thanks to you gents!
LVL 33

Expert Comment

ID: 33466585
glad you got it all working and thanks for the points!

Featured Post

Active Directory Webinar

We all know we need to protect and secure our privileges, but where to start? Join Experts Exchange and ManageEngine on Tuesday, April 11, 2017 10:00 AM PDT to learn how to track and secure privileged users in Active Directory.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I recently had the displeasure of buying a new firewall at one of the buildings I play Sys Admin at. I had to get a better firewall than the cheap one that I had there since I was reconnecting the main office to the satellite office via point-to-poi…
Occasionally, we encounter connectivity issues that appear to be isolated to cable internet service.  The issues we typically encountered were reset errors within Internet Explorer when accessing web sites or continually dropped or failing VPN conne…
In a recent question ( here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question