How do I configure a Sonicwall TZ190 for a private and a public network?

I am assisting a local charitable organization with a clean-up and refresh of their network and cabling mess. They have a Sonicwall TZ190 for the Office network and a Sonicwall TZ210 for their Guest network. Feeding into the Sonicwalls are the outputs from two cable modems on a cable splitter broadband drop from Charter. The existing network used H-P Procurve Layer 3 switches and we will be replacing those with donated Layer 2 Cisco 3560s. The current set-up has two VLANs and the Procurves are tagged accordingly. I want to remove the VLANs and just run two separate networks on the new switches with (hopefully) no VLANs. The one hitch is that the office manager needs to access the Guest server from her Office workstation. Therefore, there must be an Interface to Interface link between the two Sonicwalls. From everything I have read, this should be possible. The Office subnet is 10.0.0.x and the Guest is 192.168.200.x.
Can somebody really familiar with the Sonicwalls provide help with this relatively simple design? Am I correct in assuming that there is no need for VLANs here? Thank you in advance!
Asked by: tekmann1
carlmd commented:
You don't really need two Sonicwalls to implement two ISP connections. You could simply use two WAN and two LAN interfaces on the TZ210. Configure the two WAN interfaces for load balance or failover. One LAN interface for the office and the other for guest. The two LAN interfaces would be isolated, but you could write a specific rule for the one PC that needs to go from one to the other. Keep the TZ190 as a spare.

Is this possible for you to do, or do you really want to keep everything separate and use two Sonicwalls?
tekmann1 (author) commented:
Yes, to keeping the two separate connections. I believe one side is how the staff VPNs into the network and the other is for Internet access only. Strange maybe.. but, I want to leave that as it is. So, visualize a parallel design here with the only crossover being the physical link between the two Sonicwalls. The VLANing was no doubt done to better utilize the two H-P switches. Half of one switch was Office (VLAN 1), and the other half (VLAN 200) was for Guest. The second H-P was VLAN 200 only. We aren't constrained by equipment for this project. We have completed the wireless (Guest only-no Office) already with Cisco 1131 APs and a 3560 POE switch. By the way... thank you for your incredible response time!
carlmd commented:
First, as you suspected, you don't need VLANs.

To configure the Sonicwall interfaces and rules, your best tool would be the Administrator's Guide, available here:

http://www.sonicwall.com/app/projects/file_downloader/document_lib.php?t=PG&id=590&dl=1

Note that this is the latest version, so depending upon what version of SonicOS you have, it might have things you don't.

To go between the two, you could use the DMZ or a LAN port, configuring access rules to do what you want.

Please post any other questions regarding this.
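
Both replies above leave the Office-to-Guest access to a specific access rule. As an added example (not from the thread and not SonicOS syntax; it models first-match rule evaluation in Python), the code below compares a single-host rule with a subnet-wide one for the 10.0.0.x and 192.168.200.x networks. The host addresses 10.0.0.25 and 192.168.200.10 and TCP port 445 are assumed values.

```python
import ipaddress

# Subnets from the thread; host addresses and port 445 are assumed for illustration.
OFFICE = ipaddress.ip_network("10.0.0.0/24")
GUEST = ipaddress.ip_network("192.168.200.0/24")

# Rule = (source, destination, destination port or None for any port, action).
NARROW_RULES = [("10.0.0.25/32", "192.168.200.10/32", 445, "allow")]
BROAD_RULES = [("10.0.0.0/24", "192.168.200.0/24", None, "allow")]


def decide(rules, src, dst, port):
    """First matching rule wins; a new connection matching no rule is denied.

    Only connection initiation is modelled; a stateful firewall passes
    the replies of an allowed connection without a reverse rule.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r_src, r_dst, r_port, action in rules:
        if (s in ipaddress.ip_network(r_src)
                and d in ipaddress.ip_network(r_dst)
                and r_port in (None, port)):
            return action
    return "deny"


def audit(rules):
    """Return allow rules that open more than one host or any port between the LANs."""
    findings = []
    for r_src, r_dst, r_port, action in rules:
        if action != "allow":
            continue
        src_n, dst_n = ipaddress.ip_network(r_src), ipaddress.ip_network(r_dst)
        crosses = ((src_n.overlaps(OFFICE) and dst_n.overlaps(GUEST))
                   or (src_n.overlaps(GUEST) and dst_n.overlaps(OFFICE)))
        too_wide = (src_n.num_addresses > 1 or dst_n.num_addresses > 1
                    or r_port is None)
        if crosses and too_wide:
            findings.append((r_src, r_dst, r_port))
    return findings


if __name__ == "__main__":
    for name, rules in (("narrow", NARROW_RULES), ("broad", BROAD_RULES)):
        print(name, "manager -> guest server:",
              decide(rules, "10.0.0.25", "192.168.200.10", 445))
        print(name, "other office PC -> guest host:",
              decide(rules, "10.0.0.30", "192.168.200.77", 3389))
        print(name, "audit findings:", audit(rules))
```
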
tekmann1 (author) commented:
Just for your information, the TZ190 firmware is 3.9.0.1-6e and the TZ210 is 5.5.1.0-5o.
carlmd commented:
The firmware you have on the TZ210 is very old, from October 2009. If you have a support agreement I suggest you download the latest release. Same probably applies to the TZ190.
tekmann1 (author) commented:
The TZ190 has been out of support for years, or so I have read. I am a little hesitant to upgrade either box for fear of losing the current config.
carlmd commented:
The upgrade will not lose the config, but if worried, you can export it to a local PC just to be sure.

Do these two Sonicwalls have active subscriptions and support?
tekmann1 (author) commented:
I really don't know if the subscriptions are up to date. We are going about this without much information. I will check the next time I go there and log in to the Sonicwalls.
carlmd commented:
If the Sonicwalls don't at least have an active subscription (GAV, IPS, etc.) then they are not going to do you much good, and will offer little protection except for the firewall rules.

If not, I don't suggest you buy the subscriptions; I suggest you apply the cost to an upgrade to a new device. Remember, you only really need one Sonicwall to do what you need.
tekmann1 (author) commented:
Thank you for your suggestions. I have decided to implement them after finishing the network clean-up. I appreciate the quick responses!