sonic wall with public access

Posted on 2013-01-29
Last Modified: 2013-02-01
i have a new network to try and setup via verizon fios.  i have the feed coming out of the verizon fios router going directly into a sonicwall TZ 180 W 25 NODE device.  coming out of the lan on the back of the sonic wall i go to a 16 port switch and each switch to a different terminal in the store and a few pc's.  the pcs access the internet and the lan network perfectly but my question is how to get public wifi setup as well.  i purchased a linksys wireless n router and a netgear accesspoint (in case i need to extend it).   what port should i come out of the sonic wall with, and how do i set it up so it is a separate public wifi and not able to get to the lan network?  thanks so much
Question by:StewartGilligan

Expert Comment

ID: 38834449
if you have enough ports on the switch to spare:
configure vlan on the switch.
-> 2 vlans (VLAN 2 and VLAN 3); one for your environment(2) and one for public wifi(3).
1 vlan port from the VLAN 3 on the switch then goes into a third interface on the sonicwall, which you will need to configure as a new zone, able to access the internet (you will need to set up new rules for this zone as well)

if you do not have switch ports to spare:
buy a new switch(a 5 or 8-port switch would suffice for that)
do NOT connect it to the existing switch.
connect it to a third interface on the sonicwall and configure it as new zone (see above)


Author Comment

ID: 38838340
now im confused.  im sure i worded it wrong and i need real layman's explanation :(  i enclosed a picture of my verizon fios box and the switches etc set up now.  im trying to get public wifi separate from the lan.
 thanks :-(

ps  attached is a picture of my bee's nest :-(

Expert Comment

ID: 38838612
ok, as i take it the verizon is your gateway.

there are still free lan ports on it.

is the sonicwall connected to the verizon via the sonicwall's WAN interface or on the LAN interface?
i suspect it is the WAN interface?

if yes:
is the WAN zone on the sonicwall configured to let all inbound traffic through?

if no the easy way is this:
buy another small switch (whatever you need to connect all your wifi devices)
connect it to one of the free LAN ports on the verizon
configure wifi devices
connect all wifi devices to the switch

drawback: you need yourself to be connected to that switch in order to configure the wifi properly, or you configure it before you connect them to the new switch.

set this up like i said and you'll have a perfectly separated wifi-network from your own (but only if the sonicwall's WAN interface is the one connected to the verizon and also denies inbound traffic)



Author Comment

ID: 38842030
thank you wshty, ill try :(

Author Comment

ID: 38842398
ok before i tried anything, a friend had me log on the sonicwall and use the wlan wireless wizard. i just "ok'd" through everything and now i can connect wireless??!!  is this wifi section of the sonicwall tz180 secured from the lan section??  can i run an access point off the sonic wall to enhance the range.  as you can see i am very green in this area and any enlightenment is so appreciated :-)  thanks

Accepted Solution

wshty earned 500 total points
ID: 38843052
hi stewart,

sorry, it is always difficult to remotely analyze another's situation, but i'll try.

ok, first: yes the sonicwall tz180 "W" (W is for wireless) has its own Wireless Lan integrated.
if you ran the wizard, then sonicwall automatically adds a new zone.
the Wireless Lan runs in a different subnet/iprange (different from the LAN range)
yes, you also can run all other accesspoints from this zone.

If you go into your sonicwall -> Firewall -> Access Rule
Click on the "matrix" view.

it should look like this:
[image: Sonicwall Access rules]
on the left you see "from"
and on the top you can see "to"

in your case you should have the zones "LAN", "WAN", "VPN", "WLAN" and maybe "SSLVPN"

this matrix includes all firewall rules which are configured on the sonicwall, but separated by the direction of the traffic and its zone.
from your wired computer you want to browse a website on the internet and you cannot right now, then you need to create a new access rule.
for this you need to know where the traffic flows to.
in this example the traffic would flow from "LAN" to "WAN" search for the button in the matrix and click on it.
in your case there would already be an HTTP or HTTPS rule present because you can already browse the web.
there could be an "any" rule though - which means that every kind of OUTGOING traffic is let through.

please note:
generally, traffic from "WAN" to "LAN" should be denied.
i.e.: you do not need to create an additional rule for http or https thinking that if the website traffic is allowed out there must come something back also (downloads, cache, etc)
-> the firewall can handle this kind of traffic
only traffic  _initiated_  by something from the internet is not let through (which is as it should be, unless you have webmail, or websites on your intranet (but this is a story for another time .. ;-)  )

but let's get back to running all accesspoints from the sonicwall:
in order to make sure that absolutely NO traffic flows from LAN to WLAN or the other way around you need to create two access rules.
1. deny access for any port/service from wlan subnets to lan subnets
2. deny access for any port/service from lan subnets to wlan subnets

the rules may have been created automatically while running the wizard.

running other accesspoints via this zone:

first: configure the accesspoints
(give them static ip addresses in the same subnet as the WLAN zone is, but NOT within the DHCP range of it;
also disable DHCP;
configure the same SSID as you have configured on the sonicwall;
give the accesspoints' WLAN a different channel (for 3 accesspoints i would suggest 1 AP with channel1, 1 AP with channel 6, and 1 AP with channel 12; this is best, due to overlapping frequency in the channels))

if you configured your APs then you need to configure the sonicwall interface
go to network -> interfaces and configure an unused interface
change it to WLAN zone and give it a static ip address /subnet.
leave the rest to default.

you can do this with another interface for the second AP, or connect a switch to this one interface and connect both aps to the switch, your choice.

finished (i hope..) :-)
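
An added example, not part of the original answer: a small Python audit of the two checks the answer above describes, namely that no allow rule sits ahead of the deny-any rules between LAN and WLAN, and that each access point's static IP is inside the WLAN subnet but outside its DHCP range. The subnet, DHCP range, AP addresses and rule list are constructed sample data, and the top-to-bottom, first-match rule model is an assumption of this sketch.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the thread).
WLAN_NET = ipaddress.ip_network("172.16.31.0/24")
DHCP_RANGE = (ipaddress.ip_address("172.16.31.100"),
              ipaddress.ip_address("172.16.31.199"))
AP_ADDRESSES = {"ap1": "172.16.31.10", "ap2": "172.16.31.150", "ap3": "192.168.1.20"}

# Constructed rule list; within one from/to cell of the matrix the rules are
# assumed to be evaluated top to bottom, first match wins.
RULES = [
    {"src": "LAN", "dst": "WAN", "service": "any", "action": "allow"},
    {"src": "WLAN", "dst": "WAN", "service": "any", "action": "allow"},
    {"src": "WLAN", "dst": "LAN", "service": "HTTP", "action": "allow"},
    {"src": "WLAN", "dst": "LAN", "service": "any", "action": "deny"},
    {"src": "LAN", "dst": "WLAN", "service": "any", "action": "deny"},
    {"src": "WAN", "dst": "LAN", "service": "any", "action": "deny"},
]

def check_ap_addresses(aps, net, dhcp_range):
    """Map AP name -> problem for every AP whose static IP is badly placed."""
    lo, hi = dhcp_range
    problems = {}
    for name, addr in aps.items():
        ip = ipaddress.ip_address(addr)
        if ip not in net:
            problems[name] = "outside WLAN subnet"
        elif lo <= ip <= hi:
            problems[name] = "inside DHCP range"
    return problems

def isolation_gaps(rules, zone_a="LAN", zone_b="WLAN"):
    """List (src, dst, service) entries that break isolation between two zones."""
    gaps = []
    for src, dst in ((zone_a, zone_b), (zone_b, zone_a)):
        cell = [r for r in rules if r["src"] == src and r["dst"] == dst]
        denied_all = False
        for rule in cell:
            if rule["action"] == "deny" and rule["service"] == "any":
                denied_all = True
                break  # everything below this rule is unreachable
            if rule["action"] == "allow":
                gaps.append((src, dst, rule["service"]))
        if not denied_all:
            gaps.append((src, dst, "no deny-any rule"))
    return gaps

if __name__ == "__main__":
    print(check_ap_addresses(AP_ADDRESSES, WLAN_NET, DHCP_RANGE))
    print(isolation_gaps(RULES))
```

In the sample data the HTTP allow rule placed above the WLAN-to-LAN deny is reported as a gap, which is the kind of leftover rule worth looking for in the matrix view after running the wizard.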


Author Comment

ID: 38843777
wshty, you are sooooo soooo helpful & patient!   if i cant figure it from all your excellent advice then i dont deserve to have public wifi!!  thank you again..

Author Closing Comment

ID: 38843782
great great help and very patient with someone green like me :-)


Question has a verified solution.
