Solved

How to configure a sonicwall TZ200 to work with a Netgear DG834 ADSL Router

Posted on 2010-11-11
12
1,882 Views
Last Modified: 2013-02-28
I was advised to purchase a TZ200 so i did, for blocking Social Networking sites etc for a small company. After attempting to set this up 2 days ago i still haven't got it up and running yet and i was pretty much stumped just how difficult i was finding it even after reading several articles on installation. Bassically all i need it for really is Internet content filtering. Anyway i will list in detail the office setup as best i can and would appreciate any help at all to move me in the right direction. My Subnetting skills are very poor so detailed information would be great - Thanks.

1x Netgear ADSL Router DG834 - ISP Demon and it assigns 1x static IP address for the company: DHCP is enabled on the router and NAT
Router public IP 192.168.0.1

1x 24 port Netgear switch that connects the 10x XP pro clients and Netgear Router.

1x Windows Server 2k3 acting as Domain controller and file server only
Server public IP 192.168.0.30 - all clients 192.168.0.2 - 192.168.0.11

How do i go about placing the firewall onto this setup? someone mentioned bridging the router but this means i need to make changes to the router which i dont think it supports. Is it possible to do without bridging?   Can anyone give details please

Thanks in advance
0
Comment
Question by:John
  • 7
  • 5
12 Comments
 
LVL 3

Accepted Solution

by:
Hofpad earned 500 total points
ID: 34109869
First of all, I would also recommend to bridge the Router and let the sonicwall do the PPPoE or DHCP on the WAN (public) side. Advantage: your public IP (no, not the internal 192.168.0.1 but the one from your ISP) will then be directly attached to your sonicwall WAN Interface.

But, since you dont want to touch the router, you can also configure the SonicWALL in Transparent Mode. Here's the way to go:

Configure the SonicWALLs WAN Interface under "Network" and "Interfaces". Choose to configure/edit the X1 Interface. Choose IP Assignment "Static" and IP-Address "192.168.0.100", Subnet-Mask "255.255.255.0", Default Gateway "192.168.0.1" and DNS-Server the ones of your ISP.

Now, define a Network-Object for all the Stations and Servers that will be "behind" the SonicWALL. Go to Network and "Adress Objects". Scroll down to "Adress objects" and click "Add". Give a good Name like "Internal Stations" and keep Zone Assignement "LAN" and change Type to Range. Add Starting IP-Adress to 192.168.0.2 and Ending IP-Adress 192.168.0.50 (as a reserve for future PCs/Servers).

Configure the SonicWALLs LAN Interface under "Network" and "Interfaces". Choose to configure/edit the X0 Interface. Choose IP Assignment "Transparent Mode" and select as "Transparent Range" the Network Object (Internal Stations) you defined above.

After that, put the SonicWALL with two cables between your Router and your Switch, so that every outbound traffic *must* flow through the SonicWALL. This step is essential.

Now you are ready to start configure the content filters under "Security Services" and "Content Filter".

Good Luck!
0
 

Author Comment

by:John
ID: 34109926
If this works you are my HERO!!! - will be going in shortly to have a crack

I just want this setup with as little fuss as possible i.e not having to go round changing all the internal client machines IP's

Just a quick one... do i have to enable DHCP on the Sonicwall and turn off DHCP on the Router or should i just leave it.

Thanks

0
 

Author Comment

by:John
ID: 34109931
Something else i forgot to mention, just want to make sure i have connected the equiptmnet correctly.

ADSL Router - 1x patch lead into the back of the Wan port on the sonicwall
Sonical Wall - 1 x patch lead running into the Netgear Switch

Is this correct?

Cheers
0
 
LVL 3

Expert Comment

by:Hofpad
ID: 34110092
DHCP: I assume it should work as before. If you get problems, disable it on the Router and enable it on the SonicWALL LAN/X0 side.

Cabling: Correct so far - but make sure you use the *X0 Port* of the SonicWALL to connect to the internal Switch.

Regards
0
 

Author Comment

by:John
ID: 34110242
Ok thanks for your very kind information.
I take it that the Sonicwall's IP will e 192.168.0.100 as you instructed and i have to change all client gateways to point to this?

Cheers
0
 

Author Comment

by:John
ID: 34110515
set this up as instructed but the WAN x1 port will not keep the settings.
Error message is Subnet on this lan overlaps with another interface!

Any ideas
thanks
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 3

Expert Comment

by:Hofpad
ID: 34111093
No, the clients gateways stay the same (192.168.0.1) since the SonicWALL ist transparent.

You can avoid the overlap error when you first reset the box to factory defaults or change the LAN IPs to someting other like 10.10.10.x (dont forget to also change your management station to this network so you are still able to manage the sonicwall).
0
 

Author Comment

by:John
ID: 34112052
Did a reset on the sonicwall and started from fresh
Using a laptop with xp prof to configure
Patch cable from laptop to Lan port on Sonicwall and patch from sonicwall to Router

Lan X0 port to 192.168.168.168
Subnet 255.255.255.0
IP assignment Static

Wan X1 port = 192.168.0.100
Subnet 255.255.255.0

Default gateway = 192.168.0.1
Dns = 158.152.1.58   - from internet provider


Laptop ip address = 192.168.168.5
gateway 192.168.168.168
DHCP 192.168.168.168
dns 168.152.1.58
These are set to auto assign in windows

I can access the internet from the laptop fine when directly connected but all other users on the lan can not.  

I'm still not clear about assigning network objects!! This is what i did
Network - Address Objects - goto address objects - ADD - Named it - Zone = LAN - Type = Range and my scope was 192.168.168.1 - 192.168.168.169

I have patched the Lan port on the sonicwall to the switch to test all clients but no joy - do i need to change the client ip address's

Cheers againi
0
 
LVL 3

Assisted Solution

by:Hofpad
Hofpad earned 500 total points
ID: 34112201
The usage of 192.168.168.x is only meant for temporary use (to not have overlapping IP-Ranges between X1 and X0). It is used only during the process of configuring the firewall.


Lets assume you start as described with 192.168.168.x.

After setting the WAN/X1 according to my first description, you will set the LAN/X0 to "Transparent Mode" (follow my first description). After that, you will need to reconfigure your XP-Laptop from 192.168.168.x to 192.168.0.x (with gateway 192.168.0.1 !!! - since the SonicWALL ist "transparent" its IP-Adress is not used by the clients). Then your XP is like a station from the LAN.

After that you should be able to access the SonicWALL by http://192.168.0.100
And you should then be able to access the internet if XP is connected directly to the SonicWALL *AND* if SonicWALL and XP are connected to the Switch.

Cheers
0
 

Author Comment

by:John
ID: 34113104
This is not working and i have followed your instructions exactly as you descibed them.  I can not login to the address 192.168.0.100 either when the laptop is connected via the switch.  Is there any where i could look for a log report and maybe you will be able to guide me further.
Ive tried to call sonicwall 3x and it keeps cutting me off.

really appreciate your help
0
 
LVL 3

Assisted Solution

by:Hofpad
Hofpad earned 500 total points
ID: 34114066
This link shows something similar:
http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=5979

Eventually I have to correct my description of the Network-Object Zone Assignement to "WAN" instead of "LAN" (according to the link above) - but I'm not completely sure about it; try both.

If you cannot administrate the SonicWALL from the LAN side, try to access it from the WAN side (make sure, you have enabled the checkbox "HTTPS"  under "Management" when configuring the WAN interface.

Regards
0
 

Author Closing Comment

by:John
ID: 34232370
just closing the question off
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

The Cisco RV042 router is a popular small network interfacing device that is often used as an internet gateway. Network administrators need to get at the management interface to make settings, change passwords, etc. This access is generally done usi…
There are two basic ways to configure a static route for Cisco IOS devices. I've written this article to highlight a case study comparing the configuration of a static route using the next-hop IP and the configuration of a static route using an outg…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now