Solved

Installation of Sonicwall NSA 240

Posted on 2010-08-16
8
2,179 Views
Last Modified: 2013-11-16
hi everyone,

We just purchased an NSA 240 for our small office. Unfortunately, despite my best efforts, I must be missing something big. I've tried several different things but the packets just won't travel.

Let me explain how we've got things set up - first, the line from our ISP comes in to the cable modem. The modem has its own built-in routing and firewall, etc, but that's all disabled. The modem feeds into a small Linksys router/wireless point. That's where we've got everything built. We're using its firewall and NAT. From there, it goes over to our switch, and everything is golden.

I was advised to deploy the firewall between the modem and router. While reading through the documentation for the NSA 240, however, I noticed one of the deployment scenarios involves using the firewall as the gateway, with no other gateways involved (i.e. modem -> firewall -> switch). I'm beginning to think I took a wrong turn here by not setting it up like that.

I set up the NSA 240 without too much trouble, copying over the existing port forwarding and IP addresses. I entered our public IP as the WAN on the firewall, and the local IP of the Linksys as the LAN. Similarly, I entered the local IP of the firewall as the WAN for the router, with its gateway as the LAN.

After applying these changes, unfortunately, I was then unable to get out to the internet. All of the computers were still visible to each other locally, and still were being given IP addresses by our DHCP server, but I was completely unable to get beyond the firewall. This leads me to believe I've made at least one, and probably several big errors here.

Hopefully you fine people would be able to steer me in the right direction. I know I probably got the public/private IP allocation wrong somewhere, and I'm still nagged by the thought of making the firewall itself the gateway.

Lastly, if I go with the "firewall as gateway" scenario, I'll unfortunately still need the Linksys in there somewhere, to provide the WWAN (we don't have the wireless module for the NSA 240). If I wipe  all the settings out of the router, will the two devices be able to peacefully coexist?

Thanks in advance for any light you'd be able to shed on this. I've been at this job a whole two weeks and I'd dearly like to continue being employed.

-Tony
0
Comment
Question by:JetPartsEngineering
  • 4
  • 3
8 Comments
 
LVL 8

Assisted Solution

by:jimmyray7
jimmyray7 earned 250 total points
ID: 33450650
I would recommend installing the NSA240 like so:

Internet modem -> NSA240 ->LAN

Is the linksys only used for wireless access?  If so, put it on one of the other ports off the NSA240, either on a separate zone (like a DMZ) or on the LAN (if you want the wireless network to be able to access the LAN machines).

The WAN on the NSA240 should have your public IP or an IP that talks to the cable modem.  

Hopefully this makes a little sense.  Let me know how it goes.
0
 
LVL 33

Accepted Solution

by:
digitap earned 250 total points
ID: 33451340
Do you have a static public IP address?I'd reset the NSA to factory default and configure it from scratch.  Set the WAN to either static IP or DHCP...however your ISP has you set.Once configured, run the public server wizard on the sonicwall for internal Exchange server, FTP, TS, etc.If the model of Linksys you have lets you configure it in bridge/transparent mode, then that's how you should configure it.  Enable the WLAN interface on the NSA and connect the Linksys to it.  When you enable the WLAN and configure it, the NSA will create a DHCP scope for that interface.  With the Linksys in bridge mode (if it's possible), it should pass DHCP to wireless hosts.  Also, don't forget to check the WLAN > LAN and LAN > WLAN firewall access rules once it's configured.  They are Deny by default.  Go to Firewall > Access Rules to see the firewall rules.
0
 

Author Comment

by:JetPartsEngineering
ID: 33456181
Thanks for the input everyone.  I will be giving this another shot tonight after hours.

Once it's all configured properly, yes the Linksys will be there solely to provide the wireless.  I'm going to take it out of the equation tonight and just try modem -> firewall -> LAN as suggested.

Thankfully yes we do have a static public IP - I have it entered as such in the firewall.  Unfortunately our Linksys is very bare-bones (WRT54GS), the only modes it supports are  "gateway" and "router".  So I'm a little nervous about having it re-attaching it to the LAN after everything else is set up.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33456442
You won't attach the linksys to the LAN.  Rather, you'll connect it to the WLAN interface on the sonicwall.  Either way, it sounds like its not the right appliance for you.  Either purchase a Sonicwall SonicPoint or run out and get an inexpensive wireless access point.

Regarding the sonicwall WAN, that's good.  It's much less headache that way.  It really will be simply configuring the static IP and you're done.  I'd experiment with the last tab of the WAN interface regarding setting static speed/duplex.  Also, check out this article I wrote for setting the MTU of the WAN interface.  With cable connections, it's important to confirm you have the right settings.

http://www.experts-exchange.com/viewArticle.jsp?aid=3110
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:JetPartsEngineering
ID: 33456841
Good call.  Assuming everything else works tonight, it won't be much of a problem to grab a cheap access point until we can afford the add-in card for the Sonicwall.

Thanks for the link, I hadn't heard about MTUs and datagrams previously.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33456906
Sure.  Your sonicwall can already manage sonicpoints.  you only need to connect the sonicwall sonicpoint to the WLAN interface.  the sonicwall sends out a special packet for sonicpoints and if you have a preconfigured sonicpoint profile, it'll automatically configure the sonicpoint so you won't have to configure each individually.  it's very helpful if you have several sonicpoints or if you want to deploy a guest and corporate wireless network.
0
 

Author Comment

by:JetPartsEngineering
ID: 33466414
Well that was a trip.  We swapped the equipment around, but it turns out our modem needs to be power cycled anytime a new device is plugged into it.  We also had to strip out the protections listed in Network -> Zones.  We will be adding them back in one by one.

We were also able to keep the Linksys as the WAP...we factory reset it and ran through only enough of its setup to get it broadcasting.

Many thanks to you gents!
0
 
LVL 33

Expert Comment

by:digitap
ID: 33466585
glad you got it all working and thanks for the points!
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Network traffic routing plays key role in your network, if you have single site with heavy browsing or multiple sites, replicating important application data from your Primary Default Gateway ,you have to route your other network traffic from your p…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now