Solved

Setting up Sonicpoints

Posted on 2014-10-28
4
176 Views
Last Modified: 2015-01-15
Have a location that has a sonicwall controlling 6 sonicpoints ap's.  They are installing a web filter (iprism) to block access to certain sites and run reporting.  The problem is that with the current setup, the sonicwall wireless clients aren't getting filtered.  The filter is deployed "inline" (switch->web filter->sonicwall).  The filter vendor said that since the wireless subnet isn't connected physically to the network, traffic can't be filtered unless we put the filter outside the firewall (which then you lose AD integration, etc).  

Is there a way to set up the sonicpoints where they would be connected to the physical network and be able to be filtered?  I was thinking of buying another sonicwall just to act as the wireless controller and put it behind the existing firewall but that seems like overkill.
0
Comment
Question by:jasp101
  • 2
4 Comments
 
LVL 20

Expert Comment

by:carlmd
ID: 40410484
It is not clear from you description where you have the web filter. Is it on the LAN or WAN side of the Sonicwall?

If on the WAN side, it should be filtering all traffic. If on the LAN side, it will only filter the traffic on the "X" interface that it is connected to. Typically the wireless is connected to a separate X interface, and that would be your issue.

Does the wireless have unrestricted access to the LAN?
0
 
LVL 38

Accepted Solution

by:
Aaron Tomosky earned 500 total points
ID: 40416122
In your setup, with the sonicpoints terminating at the sonicwall, the iprism needs to be on the wan side of the sonicwall. It's easy enough to allow the iprism access to AD inside your LAN. Make a service group for iprism access, make access objects for what it needs to talk to, make those into a group. Then it's just a firewall rule to allow the iprism with those services to that group of computers inside the lan. You might also need a nat rule, it's been awhile since I did this manually, I usually just use the public server wizard and make changes to what it creates.

That said, you could get another sonicwall just to terminate the sonicpoints to inside the lan inside the iprism
0
 
LVL 1

Author Comment

by:jasp101
ID: 40416131
The filter is behind the sonicwall on the LAN.  The wireless does have access to the LAN, but the only way to get the wireless to filter is to add a proxy since they are not physically on the lan.
0
 
LVL 38

Expert Comment

by:Aaron Tomosky
ID: 40416460
Sonicwall has an "Automatic Proxy Forwarding (Web Only)" however the problem is:
"the proxy server must be on the wan or dmz, it cannot be on the lan"
http://help.mysonicwall.com/sw/eng/266/ui1/6600/Advanced/Proxy_Relay.htm

I suppose you could make a nat rule that all port 80 requests from the wlan go to the iprism...
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How computer Arp Table gets populated. 21 86
cutting over to a new network 9 66
Intel wireless adapter shuts down when logging off Windows 7 13 56
Network access 4 19
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now