Solved

Installation of Sonicwall NSA 240

Posted on 2010-08-16
Last Modified: 2013-11-16
Hi everyone,

We just purchased an NSA 240 for our small office. Unfortunately, despite my best efforts, I must be missing something big. I've tried several different things but the packets just won't travel.

Let me explain how we've got things set up - first, the line from our ISP comes in to the cable modem. The modem has its own built-in routing and firewall, etc, but that's all disabled. The modem feeds into a small Linksys router/wireless point. That's where we've got everything built. We're using its firewall and NAT. From there, it goes over to our switch, and everything is golden.

I was advised to deploy the firewall between the modem and router. While reading through the documentation for the NSA 240, however, I noticed one of the deployment scenarios involves using the firewall as the gateway, with no other gateways involved (i.e. modem -> firewall -> switch). I'm beginning to think I took a wrong turn here by not setting it up like that.

I set up the NSA 240 without too much trouble, copying over the existing port forwarding and IP addresses. I entered our public IP as the WAN on the firewall, and the local IP of the Linksys as the LAN. Similarly, I entered the local IP of the firewall as the WAN for the router, with its gateway as the LAN.

After applying these changes, unfortunately, I was then unable to get out to the internet. All of the computers were still visible to each other locally, and still were being given IP addresses by our DHCP server, but I was completely unable to get beyond the firewall. This leads me to believe I've made at least one, and probably several big errors here.

Hopefully you fine people would be able to steer me in the right direction. I know I probably got the public/private IP allocation wrong somewhere, and I'm still nagged by the thought of making the firewall itself the gateway.

Lastly, if I go with the "firewall as gateway" scenario, I'll unfortunately still need the Linksys in there somewhere, to provide the WWAN (we don't have the wireless module for the NSA 240). If I wipe all the settings out of the router, will the two devices be able to peacefully coexist?

Thanks in advance for any light you'd be able to shed on this. I've been at this job a whole two weeks and I'd dearly like to continue being employed.

-Tony
0
Question by:JetPartsEngineering
8 Comments
 
LVL 8

Assisted Solution

by:jimmyray7
jimmyray7 earned 1000 total points
ID: 33450650
I would recommend installing the NSA240 like so:

Internet modem -> NSA240 -> LAN

Is the linksys only used for wireless access?  If so, put it on one of the other ports off the NSA240, either on a separate zone (like a DMZ) or on the LAN (if you want the wireless network to be able to access the LAN machines).

The WAN on the NSA240 should have your public IP or an IP that talks to the cable modem.  

Hopefully this makes a little sense.  Let me know how it goes.
0
 
LVL 33

Accepted Solution

by:digitap
digitap earned 1000 total points
ID: 33451340
Do you have a static public IP address?

I'd reset the NSA to factory default and configure it from scratch.  Set the WAN to either static IP or DHCP...however your ISP has you set.

Once configured, run the public server wizard on the sonicwall for internal Exchange server, FTP, TS, etc.

If the model of Linksys you have lets you configure it in bridge/transparent mode, then that's how you should configure it.  Enable the WLAN interface on the NSA and connect the Linksys to it.  When you enable the WLAN and configure it, the NSA will create a DHCP scope for that interface.  With the Linksys in bridge mode (if it's possible), it should pass DHCP to wireless hosts.  Also, don't forget to check the WLAN > LAN and LAN > WLAN firewall access rules once it's configured.  They are Deny by default.  Go to Firewall > Access Rules to see the firewall rules.
0
 

Author Comment

by:JetPartsEngineering
ID: 33456181
Thanks for the input everyone.  I will be giving this another shot tonight after hours.

Once it's all configured properly, yes the Linksys will be there solely to provide the wireless.  I'm going to take it out of the equation tonight and just try modem -> firewall -> LAN as suggested.

Thankfully yes we do have a static public IP - I have it entered as such in the firewall.  Unfortunately our Linksys is very bare-bones (WRT54GS), the only modes it supports are "gateway" and "router".  So I'm a little nervous about re-attaching it to the LAN after everything else is set up.
0
LVL 33

Expert Comment

by:digitap
ID: 33456442
You won't attach the linksys to the LAN.  Rather, you'll connect it to the WLAN interface on the sonicwall.  Either way, it sounds like it's not the right appliance for you.  Either purchase a Sonicwall SonicPoint or run out and get an inexpensive wireless access point.

Regarding the sonicwall WAN, that's good.  It's much less headache that way.  It really will be simply configuring the static IP and you're done.  I'd experiment with the last tab of the WAN interface regarding setting static speed/duplex.  Also, check out this article I wrote for setting the MTU of the WAN interface.  With cable connections, it's important to confirm you have the right settings.

http://www.experts-exchange.com/viewArticle.jsp?aid=3110
0
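The MTU check recommended in the comment above can be done from any host behind the firewall; this is an added example, not code from the thread or from the linked article. It assumes Linux iputils `ping` (`-M do` sets Don't Fragment), IPv4, and a target host you supply; `probe_ping` and `find_mtu` are hypothetical names.

```shell
#!/bin/sh
# Find the largest ICMP payload that crosses the WAN path unfragmented,
# then derive the MTU value to enter on the firewall's WAN interface.

# Default probe: a single ping with the Don't Fragment bit set.
# $1 = target host, $2 = ICMP payload size in bytes.
probe_ping() {
    ping -M do -c 1 -W 2 -s "$2" "$1" >/dev/null 2>&1
}

# Binary-search payload sizes between low and high.
# $1 = probe function, $2 = target host,
# $3 = low  (default 548  = 576-byte minimum IPv4 datagram minus headers),
# $4 = high (default 1472 = 1500-byte Ethernet MTU minus headers).
# Prints the path MTU; fails if even the smallest probe gets no reply.
find_mtu() {
    probe=$1 host=$2 lo=${3:-548} hi=${4:-1472}
    "$probe" "$host" "$lo" || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if "$probe" "$host" "$mid"; then
            lo=$mid              # fits: try larger
        else
            hi=$(( mid - 1 ))    # dropped or needs fragmenting: try smaller
        fi
    done
    # 20-byte IPv4 header + 8-byte ICMP header sit on top of the payload.
    echo $(( lo + 28 ))
}

# Probe a real host only when one is given on the command line.
if [ -n "${1:-}" ]; then
    find_mtu probe_ping "$1" || echo "no reply even at the minimum size" >&2
fi
```

A result below 1500 means something on the path (commonly PPPoE or a tunnel) is taking header space, and the WAN interface MTU should be lowered to the printed value.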
 

Author Comment

by:JetPartsEngineering
ID: 33456841
Good call.  Assuming everything else works tonight, it won't be much of a problem to grab a cheap access point until we can afford the add-in card for the Sonicwall.

Thanks for the link, I hadn't heard about MTUs and datagrams previously.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33456906
Sure.  Your sonicwall can already manage sonicpoints.  You only need to connect the sonicwall sonicpoint to the WLAN interface.  The sonicwall sends out a special packet for sonicpoints and if you have a preconfigured sonicpoint profile, it'll automatically configure the sonicpoint so you won't have to configure each individually.  It's very helpful if you have several sonicpoints or if you want to deploy a guest and corporate wireless network.
0
 

Author Comment

by:JetPartsEngineering
ID: 33466414
Well that was a trip.  We swapped the equipment around, but it turns out our modem needs to be power cycled anytime a new device is plugged into it.  We also had to strip out the protections listed in Network -> Zones.  We will be adding them back in one by one.

We were also able to keep the Linksys as the WAP...we factory reset it and ran through only enough of its setup to get it broadcasting.

Many thanks to you gents!
0
 
LVL 33

Expert Comment

by:digitap
ID: 33466585
Glad you got it all working and thanks for the points!
0

Question has a verified solution.