How to configure a sonicwall TZ200 to work with a Netgear DG834 ADSL Router

I was advised to purchase a TZ200 so i did, for blocking Social Networking sites etc for a small company. After attempting to set this up 2 days ago i still haven't got it up and running yet and i was pretty much stumped just how difficult i was finding it even after reading several articles on installation. Bassically all i need it for really is Internet content filtering. Anyway i will list in detail the office setup as best i can and would appreciate any help at all to move me in the right direction. My Subnetting skills are very poor so detailed information would be great - Thanks.

1x Netgear ADSL Router DG834 - ISP Demon and it assigns 1x static IP address for the company: DHCP is enabled on the router and NAT
Router public IP 192.168.0.1

1x 24 port Netgear switch that connects the 10x XP pro clients and Netgear Router.

1x Windows Server 2k3 acting as Domain controller and file server only
Server public IP 192.168.0.30 - all clients 192.168.0.2 - 192.168.0.11

How do i go about placing the firewall onto this setup? someone mentioned bridging the router but this means i need to make changes to the router which i dont think it supports. Is it possible to do without bridging?   Can anyone give details please

Thanks in advance
JohnAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

 
HofpadCommented:
First of all, I would also recommend to bridge the Router and let the sonicwall do the PPPoE or DHCP on the WAN (public) side. Advantage: your public IP (no, not the internal 192.168.0.1 but the one from your ISP) will then be directly attached to your sonicwall WAN Interface.

But, since you dont want to touch the router, you can also configure the SonicWALL in Transparent Mode. Here's the way to go:

Configure the SonicWALLs WAN Interface under "Network" and "Interfaces". Choose to configure/edit the X1 Interface. Choose IP Assignment "Static" and IP-Address "192.168.0.100", Subnet-Mask "255.255.255.0", Default Gateway "192.168.0.1" and DNS-Server the ones of your ISP.

Now, define a Network-Object for all the Stations and Servers that will be "behind" the SonicWALL. Go to Network and "Adress Objects". Scroll down to "Adress objects" and click "Add". Give a good Name like "Internal Stations" and keep Zone Assignement "LAN" and change Type to Range. Add Starting IP-Adress to 192.168.0.2 and Ending IP-Adress 192.168.0.50 (as a reserve for future PCs/Servers).

Configure the SonicWALLs LAN Interface under "Network" and "Interfaces". Choose to configure/edit the X0 Interface. Choose IP Assignment "Transparent Mode" and select as "Transparent Range" the Network Object (Internal Stations) you defined above.

After that, put the SonicWALL with two cables between your Router and your Switch, so that every outbound traffic *must* flow through the SonicWALL. This step is essential.

Now you are ready to start configure the content filters under "Security Services" and "Content Filter".

Good Luck!
0

Experts Exchange Solution brought to you by ConnectWise

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
 
JohnAuthor Commented:
If this works you are my HERO!!! - will be going in shortly to have a crack

I just want this setup with as little fuss as possible i.e not having to go round changing all the internal client machines IP's

Just a quick one... do i have to enable DHCP on the Sonicwall and turn off DHCP on the Router or should i just leave it.

Thanks

0
 
JohnAuthor Commented:
Something else i forgot to mention, just want to make sure i have connected the equiptmnet correctly.

ADSL Router - 1x patch lead into the back of the Wan port on the sonicwall
Sonical Wall - 1 x patch lead running into the Netgear Switch

Is this correct?

Cheers
0
Increase Security & Decrease Risk with NSPM Tools

Analyst firm, Enterprise Management Associates (EMA) reveals significant benefits to enterprises when using Network Security Policy Management (NSPM) solutions, while organizations without, experienced issues including non standard security policies and failed cloud migrations

 
HofpadCommented:
DHCP: I assume it should work as before. If you get problems, disable it on the Router and enable it on the SonicWALL LAN/X0 side.

Cabling: Correct so far - but make sure you use the *X0 Port* of the SonicWALL to connect to the internal Switch.

Regards
0
 
JohnAuthor Commented:
Ok thanks for your very kind information.
I take it that the Sonicwall's IP will e 192.168.0.100 as you instructed and i have to change all client gateways to point to this?

Cheers
0
 
JohnAuthor Commented:
set this up as instructed but the WAN x1 port will not keep the settings.
Error message is Subnet on this lan overlaps with another interface!

Any ideas
thanks
0
 
HofpadCommented:
No, the clients gateways stay the same (192.168.0.1) since the SonicWALL ist transparent.

You can avoid the overlap error when you first reset the box to factory defaults or change the LAN IPs to someting other like 10.10.10.x (dont forget to also change your management station to this network so you are still able to manage the sonicwall).
0
 
JohnAuthor Commented:
Did a reset on the sonicwall and started from fresh
Using a laptop with xp prof to configure
Patch cable from laptop to Lan port on Sonicwall and patch from sonicwall to Router

Lan X0 port to 192.168.168.168
Subnet 255.255.255.0
IP assignment Static

Wan X1 port = 192.168.0.100
Subnet 255.255.255.0

Default gateway = 192.168.0.1
Dns = 158.152.1.58   - from internet provider


Laptop ip address = 192.168.168.5
gateway 192.168.168.168
DHCP 192.168.168.168
dns 168.152.1.58
These are set to auto assign in windows

I can access the internet from the laptop fine when directly connected but all other users on the lan can not.  

I'm still not clear about assigning network objects!! This is what i did
Network - Address Objects - goto address objects - ADD - Named it - Zone = LAN - Type = Range and my scope was 192.168.168.1 - 192.168.168.169

I have patched the Lan port on the sonicwall to the switch to test all clients but no joy - do i need to change the client ip address's

Cheers againi
0
 
HofpadCommented:
The usage of 192.168.168.x is only meant for temporary use (to not have overlapping IP-Ranges between X1 and X0). It is used only during the process of configuring the firewall.


Lets assume you start as described with 192.168.168.x.

After setting the WAN/X1 according to my first description, you will set the LAN/X0 to "Transparent Mode" (follow my first description). After that, you will need to reconfigure your XP-Laptop from 192.168.168.x to 192.168.0.x (with gateway 192.168.0.1 !!! - since the SonicWALL ist "transparent" its IP-Adress is not used by the clients). Then your XP is like a station from the LAN.

After that you should be able to access the SonicWALL by http://192.168.0.100
And you should then be able to access the internet if XP is connected directly to the SonicWALL *AND* if SonicWALL and XP are connected to the Switch.

Cheers
0
 
JohnAuthor Commented:
This is not working and i have followed your instructions exactly as you descibed them.  I can not login to the address 192.168.0.100 either when the laptop is connected via the switch.  Is there any where i could look for a log report and maybe you will be able to guide me further.
Ive tried to call sonicwall 3x and it keeps cutting me off.

really appreciate your help
0
 
HofpadCommented:
This link shows something similar:
http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=5979

Eventually I have to correct my description of the Network-Object Zone Assignement to "WAN" instead of "LAN" (according to the link above) - but I'm not completely sure about it; try both.

If you cannot administrate the SonicWALL from the LAN side, try to access it from the WAN side (make sure, you have enabled the checkbox "HTTPS"  under "Management" when configuring the WAN interface.

Regards
0
 
JohnAuthor Commented:
just closing the question off
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.