Installation of Sonicwall NSA 240

Posted on 2010-08-16
Last Modified: 2013-11-16
hi everyone,

We just purchased an NSA 240 for our small office. Unfortunately, despite my best efforts, I must be missing something big. I've tried several different things but the packets just won't travel.

Let me explain how we've got things set up - first, the line from our ISP comes in to the cable modem. The modem has its own built-in routing and firewall, etc, but that's all disabled. The modem feeds into a small Linksys router/wireless point. That's where we've got everything built. We're using its firewall and NAT. From there, it goes over to our switch, and everything is golden.

I was advised to deploy the firewall between the modem and router. While reading through the documentation for the NSA 240, however, I noticed one of the deployment scenarios involves using the firewall as the gateway, with no other gateways involved (i.e. modem -> firewall -> switch). I'm beginning to think I took a wrong turn here by not setting it up like that.

I set up the NSA 240 without too much trouble, copying over the existing port forwarding and IP addresses. I entered our public IP as the WAN on the firewall, and the local IP of the Linksys as the LAN. Similarly, I entered the local IP of the firewall as the WAN for the router, with its gateway as the LAN.

After applying these changes, unfortunately, I was then unable to get out to the internet. All of the computers were still visible to each other locally, and still were being given IP addresses by our DHCP server, but I was completely unable to get beyond the firewall. This leads me to believe I've made at least one, and probably several big errors here.

Hopefully you fine people would be able to steer me in the right direction. I know I probably got the public/private IP allocation wrong somewhere, and I'm still nagged by the thought of making the firewall itself the gateway.

Lastly, if I go with the "firewall as gateway" scenario, I'll unfortunately still need the Linksys in there somewhere, to provide the WWAN (we don't have the wireless module for the NSA 240). If I wipe  all the settings out of the router, will the two devices be able to peacefully coexist?

Thanks in advance for any light you'd be able to shed on this. I've been at this job a whole two weeks and I'd dearly like to continue being employed.

Question by:JetPartsEngineering
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3

Assisted Solution

jimmyray7 earned 250 total points
ID: 33450650
I would recommend installing the NSA240 like so:

Internet modem -> NSA240 ->LAN

Is the linksys only used for wireless access?  If so, put it on one of the other ports off the NSA240, either on a separate zone (like a DMZ) or on the LAN (if you want the wireless network to be able to access the LAN machines).

The WAN on the NSA240 should have your public IP or an IP that talks to the cable modem.  

Hopefully this makes a little sense.  Let me know how it goes.
LVL 33

Accepted Solution

digitap earned 250 total points
ID: 33451340
Do you have a static public IP address?I'd reset the NSA to factory default and configure it from scratch.  Set the WAN to either static IP or DHCP...however your ISP has you set.Once configured, run the public server wizard on the sonicwall for internal Exchange server, FTP, TS, etc.If the model of Linksys you have lets you configure it in bridge/transparent mode, then that's how you should configure it.  Enable the WLAN interface on the NSA and connect the Linksys to it.  When you enable the WLAN and configure it, the NSA will create a DHCP scope for that interface.  With the Linksys in bridge mode (if it's possible), it should pass DHCP to wireless hosts.  Also, don't forget to check the WLAN > LAN and LAN > WLAN firewall access rules once it's configured.  They are Deny by default.  Go to Firewall > Access Rules to see the firewall rules.

Author Comment

ID: 33456181
Thanks for the input everyone.  I will be giving this another shot tonight after hours.

Once it's all configured properly, yes the Linksys will be there solely to provide the wireless.  I'm going to take it out of the equation tonight and just try modem -> firewall -> LAN as suggested.

Thankfully yes we do have a static public IP - I have it entered as such in the firewall.  Unfortunately our Linksys is very bare-bones (WRT54GS), the only modes it supports are  "gateway" and "router".  So I'm a little nervous about having it re-attaching it to the LAN after everything else is set up.
Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

LVL 33

Expert Comment

ID: 33456442
You won't attach the linksys to the LAN.  Rather, you'll connect it to the WLAN interface on the sonicwall.  Either way, it sounds like its not the right appliance for you.  Either purchase a Sonicwall SonicPoint or run out and get an inexpensive wireless access point.

Regarding the sonicwall WAN, that's good.  It's much less headache that way.  It really will be simply configuring the static IP and you're done.  I'd experiment with the last tab of the WAN interface regarding setting static speed/duplex.  Also, check out this article I wrote for setting the MTU of the WAN interface.  With cable connections, it's important to confirm you have the right settings.

Author Comment

ID: 33456841
Good call.  Assuming everything else works tonight, it won't be much of a problem to grab a cheap access point until we can afford the add-in card for the Sonicwall.

Thanks for the link, I hadn't heard about MTUs and datagrams previously.
LVL 33

Expert Comment

ID: 33456906
Sure.  Your sonicwall can already manage sonicpoints.  you only need to connect the sonicwall sonicpoint to the WLAN interface.  the sonicwall sends out a special packet for sonicpoints and if you have a preconfigured sonicpoint profile, it'll automatically configure the sonicpoint so you won't have to configure each individually.  it's very helpful if you have several sonicpoints or if you want to deploy a guest and corporate wireless network.

Author Comment

ID: 33466414
Well that was a trip.  We swapped the equipment around, but it turns out our modem needs to be power cycled anytime a new device is plugged into it.  We also had to strip out the protections listed in Network -> Zones.  We will be adding them back in one by one.

We were also able to keep the Linksys as the WAP...we factory reset it and ran through only enough of its setup to get it broadcasting.

Many thanks to you gents!
LVL 33

Expert Comment

ID: 33466585
glad you got it all working and thanks for the points!

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question