How do I configure a Sonicwall TZ190 for a private and a public network?

tekmann1
I am assisting a local charitable organization with a clean-up and refresh of their network and cabling mess. They have a Sonicwall TZ190 for the Office network and a Sonicwall TZ210 for their Guest network. Feeding into the Sonicwalls are the outputs from two cable modems on a cable splitter broadband drop from Charter. The existing network used H-P Procurve Layer 3 switches and we will be replacing those with donated Layer 2 Cisco 3560s. The current set-up has two VLANs and the Procurves are tagged accordingly. I want to remove the VLANs and just run two separate networks on the new switches with (hopefully) no VLANs. The one hitch is that the office manager needs to access the Guest server from her Office workstation. Therefore, there must be an Interface to Interface link between the two Sonicwalls. From everything I have read, this should be possible. The Office subnet is 10.0.0.x and the Guest is 192.168.200.x.
Can somebody really familiar with the Sonicwalls provide help with this relatively simple design? Am I correct in assuming that there is no need for VLANs here? Thank you in advance!
You don't really need two Sonicwalls to implement two ISP connections. You could simply use two WAN and two LAN interfaces on the TZ210. Configure the two WAN interfaces for load balance or failover. One LAN interface for the office and the other for guest. The two LAN interfaces would be isolated, but you could write a specific rule for the one PC that needs to go from one to the other. Keep the TZ190 as a spare.

Is this possible for you to do, or do you really want to keep everything separate and use two Sonicwalls?

Author

Commented:
Yes, to keeping the two separate connections. I believe one side is how the staff VPNs into the network and the other is for Internet access only. Strange maybe... but, I want to leave that as it is. So, visualize a parallel design here with the only crossover being the physical link between the two Sonicwalls. The VLANing was no doubt done to better utilize the two H-P switches. Half of one switch was Office (VLAN 1), and the other half (VLAN 200) was for Guest. The second H-P was VLAN 200 only. We aren't constrained by equipment for this project. We have completed the wireless (Guest only, no Office) already with Cisco 1131 APs and a 3560 POE switch. By the way... thank you for your incredible response time!
First, as you suspected, you don't need VLANs.

To configure the Sonicwall interfaces and rules, your best tool would be the Administrator's Guide, available here:

http://www.sonicwall.com/app/projects/file_downloader/document_lib.php?t=PG&id=590&dl=1

Note that this is the latest version, so depending upon what version of SonicOS you have, it might have things you don't.

To go between the two, you could use the DMZ or a LAN port, configuring access rules to do what you want.

Please post any other questions regarding this.
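The "isolated interfaces plus one specific rule" design from the answers above, modeled as an added example (not part of the original thread, and not SonicOS syntax). The subnets are the ones given in the question; the zone names, the two host addresses and port 445 are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Subnets are from the thread; hosts, port and zone names are constructed.
OFFICE_NET, GUEST_NET = "10.0.0.0/24", "192.168.200.0/24"
MANAGER_PC, GUEST_SERVER = "10.0.0.25/32", "192.168.200.10/32"

@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    src: str             # CIDR
    dst: str             # CIDR
    port: Optional[int]  # None = any port
    action: str          # "allow" or "deny"

RULES = [  # evaluated top-down; the narrow exception sits above the denies
    Rule("OFFICE", "GUEST", MANAGER_PC, GUEST_SERVER, 445, "allow"),
    Rule("OFFICE", "GUEST", OFFICE_NET, GUEST_NET, None, "deny"),
    Rule("GUEST", "OFFICE", GUEST_NET, OFFICE_NET, None, "deny"),
]

def decide(rules, src_zone, dst_zone, src_ip, dst_ip, port):
    """First matching rule wins for a new connection; no match means deny."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in rules:
        if (r.src_zone, r.dst_zone) != (src_zone, dst_zone):
            continue
        if (s in ipaddress.ip_network(r.src) and d in ipaddress.ip_network(r.dst)
                and r.port in (None, port)):
            return r.action
    return "deny"

def audit(rules):
    """List allow rules that are wider than a single host-to-host exception."""
    findings = []
    for i, r in enumerate(rules):
        if r.action != "allow":
            continue
        if (r.src_zone, r.dst_zone) == ("GUEST", "OFFICE"):
            findings.append((i, "guest-to-office allow"))
        for label, cidr in (("source", r.src), ("destination", r.dst)):
            if ipaddress.ip_network(cidr).num_addresses > 1:
                findings.append((i, label + " wider than one host"))
        if r.port is None:
            findings.append((i, "any port"))
    return findings
```

The model covers only who may open a connection; reply traffic on an allowed connection is handled by the firewall's state tracking and needs no guest-to-office rule.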
Author

Commented:
Just for your information, the TZ190 firmware is 3.9.0.1-6e and the TZ210 is 5.5.1.0-5o.
The firmware you have on the TZ210 is very old, from October 2009. If you have a support agreement I suggest you download the latest release. Same probably applies to the TZ190.

Author

Commented:
The TZ190 has been out of support for years, or so I have read. I am a little hesitant to upgrade either box for fear of losing the current config.
The upgrade will not lose the config, but if worried, you can export it to a local PC just to be sure.

Do these two Sonicwalls have active subscriptions and support?

Author

Commented:
I really don't know if the subscriptions are up to date. We are going about this without much information. I will check the next time I go there and log in to the Sonicwalls.
If the Sonicwalls don't at least have active subscriptions (GAV, IPS, etc.) then they are not going to do you much good, and will offer little protection except for the firewall rules.

If not, I don't suggest you buy the subscriptions, I suggest you apply the cost to an upgrade to a new device. Remember, you only really need one Sonicwall to do what you need.

Author

Commented:
Thank you for your suggestions. I have decided to implement them after finishing the network clean-up. I appreciate the quick responses!