Solved

sonic wall with public access

Posted on 2013-01-29
Last Modified: 2013-02-01
i have a new network to try and setup via verizon fios.  i have the feed coming out of the verizon fios router going directly into a sonicwall TZ 180 W 25 NODE device.  coming out of the lan on the back of the sonic wall i go to a 16 port switch and each switch to a different terminal in the store and a few pc's.  the pcs access the internet and the lan network perfectly but my question is how to get public wifi setup as well.  i purchased a linksys wireless n router and a netgear accesspoint (in case i need to extend it).   what port should i come out of the sonic wall with, and how do i set it up so it is a separate public wifi and not able to get to the lan network?  thanks so much
Question by:StewartGilligan
8 Comments
 
LVL 5

Expert Comment

by:wshty
ID: 38834449
if you have enough ports on the switch to spare:
configure vlan on the switch.
-> 2 vlans (VLAN 2 and VLAN 3); one for your environment(2) and one for public wifi(3).
1 vlan port from the VLAN 3 on the switch then goes into a third interface on the sonicwall, which you will need to configure as a new zone, able to access the internet (you will need to set up new rules for this zone as well)


if you do not have switch ports to spare:
buy a new switch(a 5 or 8-port switch would suffice for that)
do NOT connect it to the existing switch.
connect it to a third interface on the sonicwall and configure it as new zone (see above)

regards
0
 

Author Comment

by:StewartGilligan
ID: 38838340
now im confused.  im sure i worded it wrong and i need real layman's explanation :(  i enclosed a picture of my verizon fios box and the switches etc set up now.  im trying to get public wifi separate from the lan.
 thanks :-(

ps  attached is a picture of my bee's nest :-(
network.mess.pdf
0
 
LVL 5

Expert Comment

by:wshty
ID: 38838612
ok, as i take it the verizon is your gateway.

there are still free lan ports on it.

is the sonicwall connected to the verizon via the sonicwall's WAN interface or on the LAN interface?
i suspect it is the WAN interface?

if yes:
is the WAN zone on the sonicwall configured to let all inbound traffic through?

if no the easy way is this:
buy another small switch (whatever you need to connect all your wifi devices)
connect it to one of the free LAN ports on the verizon
configure wifi devices
connect all wifi devices to the switch
finished.

drawback: you need yourself to be connected to that switch in order to configure the wifi properly, or you configure it before you connect them to the new switch.

set this up like i said and you'll have a perfectly separated wifi-network from your own (but only if the sonicwall's WAN interface is the one connected to the verizon and also denies inbound traffic)


regards
0
 

Author Comment

by:StewartGilligan
ID: 38842030
thank you wshty, ill try :(
0
 

Author Comment

by:StewartGilligan
ID: 38842398
ok before i tried anything, a friend had me log on the sonicwall and use the wlan wireless wizard. i just "ok'd" through everything and now i can connect wireless??!!  is this wifi section of the sonicwall tz180 secured from the lan section??  can i run an access point off the sonic wall to enhance the range.  as you can see i am very green in this area and any enlightenment is so appreciated :-)  thanks
0
 
LVL 5

Accepted Solution

by:
wshty earned 500 total points
ID: 38843052
hi stewart,

sorry, it is always difficult to remotely analyze another's situation, but i'll try.

ok, first: yes the sonicwall tz180 "W" (W is for wireless) has its own Wireless Lan integrated.
if you ran the wizard, then sonicwall automatically adds a new zone.
the Wireless Lan runs in a different subnet/iprange (different from the LAN range)
yes, you also can run all other accesspoints from this zone.

If you go into your sonicwall -> Firewall -> Access Rule
Click on the "matrix" view.

it should look like this:
[Image: Sonicwall Access rules]
on the left you see "from"
and on the top you can see "to"

in your case you should have the zones "LAN", "WAN", "VPN", "WLAN" and maybe "SSLVPN"

this matrix includes all firewall rules which are configured on the sonicwall, but separated by the direction of the traffic and its zone.
example:
from your wired computer you want to browse a website on the internet and you cannot right now, then you need to create a new access rule.
for this you need to know where the traffic flows to.
in this example the traffic would flow from "LAN" to "WAN" search for the button in the matrix and click on it.
in your case there would already be an HTTP or HTTPS rule present because you can already browse the web.
there could be an "any" rule though - which means that every kind of OUTGOING traffic is let through.

please note:
generally, traffic from "WAN" to "LAN" should be denied.
i.e.: you do not need to create an additional rule for http or https thinking that if the website traffic is allowed out there must come something back also (downloads, cache, etc)
-> the firewall can handle this kind of traffic
only traffic  _initiated_  by something from the internet is not let through (which is as it should be, unless you have webmail, or websites on your intranet (but this is a story for another time .. ;-)  )

but let's get back to running all accesspoints from the sonicwall:
in order to make sure that absolutely NO traffic flows from LAN to WLAN or the other way around you need to create two access rules.
1. deny access for any port/service from wlan subnets to lan subnets
2. deny access for any port/service from lan subnets to wlan subnets

the rules may have been created automatically while running the wizard.

running other accesspoints via this zone:

first: configure the accesspoints
(give them static ip addresses in the same subnet as the WLAN zone is, but NOT within the DHCP range of it;
also disable DHCP;
configure the same SSID as you have configured on the sonicwall;
give the accesspoints' WLAN a different channel (for 3 accesspoints i would suggest 1 AP with channel1, 1 AP with channel 6, and 1 AP with channel 12; this is best, due to overlapping frequency in the channels))

if you configured your APs then you need to configure the sonicwall interface
go to network -> interfaces and configure an unused interface
change it to WLAN zone and give it a static ip address /subnet.
leave the rest to default.

you can do this with another interface for the second AP, or connect a switch to this one interface and connect both aps to the switch, your choice.

finished (i hope..) :-)

regards
0
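The accepted answer above makes two checkable points: LAN and WLAN need a deny rule for any service in both directions, and each extra access point needs a static address inside the WLAN subnet but outside its DHCP range. The following is an added example, not part of the original thread and not SonicWall code; the rule layout (ordered list, first matching rule decides), the subnet, the DHCP range and the AP names are constructed assumptions.

```python
import ipaddress

def check_ap_plan(wlan_subnet, dhcp_start, dhcp_end, gateway, ap_ips):
    """Return problems with the static addresses chosen for extra access points."""
    net = ipaddress.ip_network(wlan_subnet)
    lo, hi = ipaddress.ip_address(dhcp_start), ipaddress.ip_address(dhcp_end)
    used, problems = {ipaddress.ip_address(gateway)}, []
    for name, text in ap_ips.items():
        ip = ipaddress.ip_address(text)
        if ip not in net:
            problems.append(f"{name}: {ip} is outside the WLAN subnet {net}")
        elif lo <= ip <= hi:
            problems.append(f"{name}: {ip} is inside the DHCP range {lo}-{hi}")
        elif ip in used:
            problems.append(f"{name}: {ip} is already in use")
        used.add(ip)
    return problems

def isolation_gaps(rules, zone_a="LAN", zone_b="WLAN"):
    """Walk the ordered rules for each direction; an allow seen before a
    deny for service 'any' (or no such deny at all) is reported as a gap."""
    gaps = []
    for src, dst in ((zone_a, zone_b), (zone_b, zone_a)):
        for rule in rules:
            if (rule["from"], rule["to"]) != (src, dst):
                continue
            if rule["action"] == "allow":
                gaps.append(f"{src}->{dst}: allow {rule['service']} precedes deny any")
                break
            if rule["service"] == "any":
                break  # deny any reached first: this direction is closed
        else:
            gaps.append(f"{src}->{dst}: no deny rule for any service")
    return gaps

# Constructed sample data (assumptions, not taken from the thread).
SAMPLE_APS = {"ap1": "172.16.31.10", "ap2": "172.16.31.60", "ap3": "192.168.168.20"}
SAMPLE_RULES = [
    {"from": "WLAN", "to": "LAN", "service": "any", "action": "deny"},
    {"from": "LAN", "to": "WLAN", "service": "HTTPS", "action": "allow"},
    {"from": "LAN", "to": "WLAN", "service": "any", "action": "deny"},
]

if __name__ == "__main__":
    for line in check_ap_plan("172.16.31.0/24", "172.16.31.50", "172.16.31.100",
                              "172.16.31.1", SAMPLE_APS):
        print("AP plan:", line)
    for line in isolation_gaps(SAMPLE_RULES):
        print("Rules:", line)
```

With the sample data, ap2 and ap3 are flagged, and the LAN to WLAN direction is reported because the allow rule sits above the deny.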
 

Author Comment

by:StewartGilligan
ID: 38843777
wshty, you are sooooo soooo helpful & patient!   if i cant figure it from all your excellent advice then i dont deserve to have public wifi!!  thank you again..
~peace
0
 

Author Closing Comment

by:StewartGilligan
ID: 38843782
great great help and very patient with someone green like me :-)
0
