Solved

Can SonicWall TZ170 Wireless be on same subnet as domain computers?

Posted on 2011-09-22
10
1,199 Views
Last Modified: 2012-05-12
A client has a SonicWall TZ180 Wireless router. The wireless portion, setup via the wizard, is located at 172.16.31.1, is running DHCP (for wireless), and handing out IP addresses to clients. The clients could not access resources on the domain (192.168.100.x) until I manually put the SBS 2008 Server IP  (192.168.100.2) as the first DNS Server under Network / DHCP Server / Dynamic Range Configuration/ DNS/WINS. See image:
SonicWall Settings
Once this was done, the clients could access the network without issue, so I assume the SonicWall is doing some kind of NAT work.
 
The problem is that I'm using Sunbelt Software's Vipre Enterprise AntiVirus and it can't communicate with the laptop in order to update status, etc. I assume the reason is because of the different subnets and NAT involved. Here's the laptop IP settings:
 Laptop IP settings
Question: Can I change the SonicWall Wireless to be on the 192.x.x.x subnet without causing DNS / DHCP issues? Or is there another approach I should be using?
0
Comment
Question by:scion111
  • 6
  • 4
10 Comments
 
LVL 32

Accepted Solution

by:
aleghart earned 500 total points
ID: 36582659
Why not enable DHCP to pass to your domain's DHCP controller?  I've had TZ100 and TZ200, and never used the built-in DHCP server.  Even VPN users got forwarded to the domain controller for DHCP requests.
0
 

Author Comment

by:scion111
ID: 36583267
aleghart:
Thanks fo rthe suggestion. I just plowed through the wizard and did not notice the pass through option. I assume I just uncheck "Enable DHCP Server" and check "Allow DHCP passthrough" and don't have to adjust any other settings. Is that correct?
0
 
LVL 32

Expert Comment

by:aleghart
ID: 36583303
Yes. Should work. If you have VPN users you'll have to find the setting for DHCP relay, which will forward DHCP requests from the remote user to your domain's DHCP server.
0
 

Author Comment

by:scion111
ID: 36583339
VPN users connect through the Small Business Server so I assume that would not be an issue. Let me know if you feel otherwise.
0
 
LVL 32

Expert Comment

by:aleghart
ID: 36583344
No...then they'll not have to worry about the SonicWall VPN settings.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:scion111
ID: 36583474
Thanks - you've been a great help!
0
 

Author Comment

by:scion111
ID: 36583705
aleghart:
Sorry - I spoke too soon. When I tried to enable DHCP passthrough, I go this message: "DHCP passthrough only works in Transparent Mode. Please change your networking address mode"

Did some reading and it sounds a bit scary...

As an alternate, do you think I can leave the DHCP server on, but change the scope to be within the 192.168.100.x subnet, and then exclude them from distribution on th SBS 2008 DHCP Server?

Example:
On SBS 2008 DHCP, exclude IP range 192.168.100.80 - 192.168.100.90 from distribution.
On SonicWall, set DHCP Range from 192.168.80 - 192.168.90, set Gateway to 192.168.100.1 (which is LAN IP of SonicWall that the domain uses as a Gateway, set Subnet mask to 255.255.255.0

My concern is that the SBS 208 DHCP will sense the SonicWall and disable itself - not good.
0
 
LVL 32

Expert Comment

by:aleghart
ID: 36583900
I was thinking about the "IP Helper".  It was on the TZ170, and I see it on the TZ200 under Network > IP Helper.
Make an entry under "Relay Protocols" for DHCP.
Create the domain server as an object first (with the proper LAN IP address).
Add a policy that forwards DHCP to your domain server.


sonicwall-IPHelper-DHCP.jpg
0
 

Author Comment

by:scion111
ID: 36589712
I will look at later tonight and advise - thanks again for all your help.
0
 

Author Comment

by:scion111
ID: 36590696
aleghart:
No "IP Helper" settings on TZ180 I could find. Any idea if the DHCP server with a limited scope I mentioned above would work (or wreak havoc)?

Another alternate would be to just get a Wireless Access Point, but I thought this would be doable with the SonicWall.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

948 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now