Can SonicWall TZ170 Wireless be on same subnet as domain computers?

A client has a SonicWall TZ180 Wireless router. The wireless portion, setup via the wizard, is located at 172.16.31.1, is running DHCP (for wireless), and handing out IP addresses to clients. The clients could not access resources on the domain (192.168.100.x) until I manually put the SBS 2008 Server IP  (192.168.100.2) as the first DNS Server under Network / DHCP Server / Dynamic Range Configuration/ DNS/WINS. See image:
SonicWall Settings
Once this was done, the clients could access the network without issue, so I assume the SonicWall is doing some kind of NAT work.
 
The problem is that I'm using Sunbelt Software's Vipre Enterprise AntiVirus and it can't communicate with the laptop in order to update status, etc. I assume the reason is because of the different subnets and NAT involved. Here's the laptop IP settings:
 Laptop IP settings
Question: Can I change the SonicWall Wireless to be on the 192.x.x.x subnet without causing DNS / DHCP issues? Or is there another approach I should be using?
Sal SoricePresidentAsked:
Who is Participating?
 
aleghartConnect With a Mentor Commented:
Why not enable DHCP to pass to your domain's DHCP controller?  I've had TZ100 and TZ200, and never used the built-in DHCP server.  Even VPN users got forwarded to the domain controller for DHCP requests.
0
 
Sal SoricePresidentAuthor Commented:
aleghart:
Thanks fo rthe suggestion. I just plowed through the wizard and did not notice the pass through option. I assume I just uncheck "Enable DHCP Server" and check "Allow DHCP passthrough" and don't have to adjust any other settings. Is that correct?
0
 
aleghartCommented:
Yes. Should work. If you have VPN users you'll have to find the setting for DHCP relay, which will forward DHCP requests from the remote user to your domain's DHCP server.
0
Managing Security & Risk at the Speed of Business

Gartner Research VP, Neil McDonald & AlgoSec CTO, Prof. Avishai Wool, discuss the business-driven approach to automated security policy management, its benefits and how to align security policy management with business processes to address today's security challenges.

 
Sal SoricePresidentAuthor Commented:
VPN users connect through the Small Business Server so I assume that would not be an issue. Let me know if you feel otherwise.
0
 
aleghartCommented:
No...then they'll not have to worry about the SonicWall VPN settings.
0
 
Sal SoricePresidentAuthor Commented:
Thanks - you've been a great help!
0
 
Sal SoricePresidentAuthor Commented:
aleghart:
Sorry - I spoke too soon. When I tried to enable DHCP passthrough, I go this message: "DHCP passthrough only works in Transparent Mode. Please change your networking address mode"

Did some reading and it sounds a bit scary...

As an alternate, do you think I can leave the DHCP server on, but change the scope to be within the 192.168.100.x subnet, and then exclude them from distribution on th SBS 2008 DHCP Server?

Example:
On SBS 2008 DHCP, exclude IP range 192.168.100.80 - 192.168.100.90 from distribution.
On SonicWall, set DHCP Range from 192.168.80 - 192.168.90, set Gateway to 192.168.100.1 (which is LAN IP of SonicWall that the domain uses as a Gateway, set Subnet mask to 255.255.255.0

My concern is that the SBS 208 DHCP will sense the SonicWall and disable itself - not good.
0
 
aleghartCommented:
I was thinking about the "IP Helper".  It was on the TZ170, and I see it on the TZ200 under Network > IP Helper.
Make an entry under "Relay Protocols" for DHCP.
Create the domain server as an object first (with the proper LAN IP address).
Add a policy that forwards DHCP to your domain server.


sonicwall-IPHelper-DHCP.jpg
0
 
Sal SoricePresidentAuthor Commented:
I will look at later tonight and advise - thanks again for all your help.
0
 
Sal SoricePresidentAuthor Commented:
aleghart:
No "IP Helper" settings on TZ180 I could find. Any idea if the DHCP server with a limited scope I mentioned above would work (or wreak havoc)?

Another alternate would be to just get a Wireless Access Point, but I thought this would be doable with the SonicWall.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.