Solved

Can SonicWall TZ170 Wireless be on same subnet as domain computers?

Posted on 2011-09-22
10
1,197 Views
Last Modified: 2012-05-12
A client has a SonicWall TZ180 Wireless router. The wireless portion, setup via the wizard, is located at 172.16.31.1, is running DHCP (for wireless), and handing out IP addresses to clients. The clients could not access resources on the domain (192.168.100.x) until I manually put the SBS 2008 Server IP  (192.168.100.2) as the first DNS Server under Network / DHCP Server / Dynamic Range Configuration/ DNS/WINS. See image:
SonicWall Settings
Once this was done, the clients could access the network without issue, so I assume the SonicWall is doing some kind of NAT work.
 
The problem is that I'm using Sunbelt Software's Vipre Enterprise AntiVirus and it can't communicate with the laptop in order to update status, etc. I assume the reason is because of the different subnets and NAT involved. Here's the laptop IP settings:
 Laptop IP settings
Question: Can I change the SonicWall Wireless to be on the 192.x.x.x subnet without causing DNS / DHCP issues? Or is there another approach I should be using?
0
Comment
Question by:scion111
  • 6
  • 4
10 Comments
 
LVL 32

Accepted Solution

by:
aleghart earned 500 total points
ID: 36582659
Why not enable DHCP to pass to your domain's DHCP controller?  I've had TZ100 and TZ200, and never used the built-in DHCP server.  Even VPN users got forwarded to the domain controller for DHCP requests.
0
 

Author Comment

by:scion111
ID: 36583267
aleghart:
Thanks fo rthe suggestion. I just plowed through the wizard and did not notice the pass through option. I assume I just uncheck "Enable DHCP Server" and check "Allow DHCP passthrough" and don't have to adjust any other settings. Is that correct?
0
 
LVL 32

Expert Comment

by:aleghart
ID: 36583303
Yes. Should work. If you have VPN users you'll have to find the setting for DHCP relay, which will forward DHCP requests from the remote user to your domain's DHCP server.
0
 

Author Comment

by:scion111
ID: 36583339
VPN users connect through the Small Business Server so I assume that would not be an issue. Let me know if you feel otherwise.
0
 
LVL 32

Expert Comment

by:aleghart
ID: 36583344
No...then they'll not have to worry about the SonicWall VPN settings.
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 

Author Comment

by:scion111
ID: 36583474
Thanks - you've been a great help!
0
 

Author Comment

by:scion111
ID: 36583705
aleghart:
Sorry - I spoke too soon. When I tried to enable DHCP passthrough, I go this message: "DHCP passthrough only works in Transparent Mode. Please change your networking address mode"

Did some reading and it sounds a bit scary...

As an alternate, do you think I can leave the DHCP server on, but change the scope to be within the 192.168.100.x subnet, and then exclude them from distribution on th SBS 2008 DHCP Server?

Example:
On SBS 2008 DHCP, exclude IP range 192.168.100.80 - 192.168.100.90 from distribution.
On SonicWall, set DHCP Range from 192.168.80 - 192.168.90, set Gateway to 192.168.100.1 (which is LAN IP of SonicWall that the domain uses as a Gateway, set Subnet mask to 255.255.255.0

My concern is that the SBS 208 DHCP will sense the SonicWall and disable itself - not good.
0
 
LVL 32

Expert Comment

by:aleghart
ID: 36583900
I was thinking about the "IP Helper".  It was on the TZ170, and I see it on the TZ200 under Network > IP Helper.
Make an entry under "Relay Protocols" for DHCP.
Create the domain server as an object first (with the proper LAN IP address).
Add a policy that forwards DHCP to your domain server.


sonicwall-IPHelper-DHCP.jpg
0
 

Author Comment

by:scion111
ID: 36589712
I will look at later tonight and advise - thanks again for all your help.
0
 

Author Comment

by:scion111
ID: 36590696
aleghart:
No "IP Helper" settings on TZ180 I could find. Any idea if the DHCP server with a limited scope I mentioned above would work (or wreak havoc)?

Another alternate would be to just get a Wireless Access Point, but I thought this would be doable with the SonicWall.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
In the modern office, employees tend to move around the workplace a lot more freely. Conferences, collaborative groups, flexible seating and working from home require a new level of mobility. Technology has not only changed the behavior and the expe…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now