jasp101
Setting up SonicPoints
Have a location that has a SonicWall controlling 6 SonicPoint APs. They are installing a web filter (iPrism) to block access to certain sites and run reporting. The problem is that with the current setup, the SonicWall wireless clients aren't getting filtered. The filter is deployed "inline" (switch->web filter->SonicWall). The filter vendor said that since the wireless subnet isn't connected physically to the network, traffic can't be filtered unless we put the filter outside the firewall (in which case you lose AD integration, etc.).
Is there a way to set up the SonicPoints where they would be connected to the physical network and be able to be filtered? I was thinking of buying another SonicWall just to act as the wireless controller and put it behind the existing firewall, but that seems like overkill.
ASKER
The filter is behind the SonicWall on the LAN. The wireless does have access to the LAN, but the only way to get the wireless to filter is to add a proxy, since they are not physically on the LAN.
SonicWall has "Automatic Proxy Forwarding (Web Only)"; however, the problem is:
"the proxy server must be on the wan or dmz, it cannot be on the lan"
http://help.mysonicwall.com/sw/eng/266/ui1/6600/Advanced/Proxy_Relay.htm
I suppose you could make a NAT rule that all port 80 requests from the WLAN go to the iPrism...
If on the WAN side, it should be filtering all traffic. If on the LAN side, it will only filter the traffic on the "X" interface that it is connected to. Typically the wireless is connected to a separate X interface, and that would be your issue.
Does the wireless have unrestricted access to the LAN?