Solved

SonicWall tz200 wireless

Posted on 2014-11-23
12
255 Views
Last Modified: 2014-11-25
Hello,
I work from home,
I have a SonicWall TZ200 Wireless, connected to the office through VPN.

I need to separate my home/Personal Devices from my VPN connection.
All of my devices are wireless.

I have an extra access point Trendnet. (that I could use to create a second wireless for personal/Home).

I have never worked with sonicwall before.

Can you please help me with this (Step by Step guide pelase).

thank you,
please see attached screen shot of ports.
Ports.pdf
0
Comment
Question by:W.E.B
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
12 Comments
 
LVL 20

Expert Comment

by:carlmd
ID: 40461819
Not sure if you mean that you want separate logins for one network or the other, or something else.

Take a look at the following on setting up guest wireless. This shows you how to set up to separate wireless areas, assigning what you want to each.

https://support.software.dell.com/sonicwall-tz-series/kb/sw4955
0
 

Author Comment

by:W.E.B
ID: 40462159
Hello carlmd,
Thank you for your help and time.

As I mentioned earlier, I'm just trying to separate my house devices from work devices.
Right now, my house devices are detected  on the work network.

I tried to follow the link for creating a guest account (which , I guess, will be my house devices).

However, my WLAN is already configured. (Please see attached).

Thank you,
img017.pdf
0
 
LVL 39

Expert Comment

by:Aaron Tomosky
ID: 40462203
One way to do this: make an address group of your work devices, then make an allow firewall rule for them. Then make a block all lan to vpn below that rule.
0
Is your NGFW recommended by NSS Labs?

Ours is! NSS Labs Next Generation Firewall Test gives the WatchGuard Firebox M4600 a "Recommended" rating! Curious where your NGFW landed on the  Security Value Map? See the map and download the full report today!

 

Author Comment

by:W.E.B
ID: 40463309
HI Aaron,
Can you please guide me - step by step - (I've never worked with Sonic wall before).

Will this prevent my home devices from showing on Work network (vpn).

Thank you
0
 
LVL 39

Expert Comment

by:Aaron Tomosky
ID: 40463458
sure. You get firewall rules by default across zones, but you can also make address objects and address object groups to make rules with.
There are at least 3 ways to do this:
1. if all the devices are going to be in the same zone, make address objects
2. Make a new ssid for work or home and Make a different zone (either for work or home) and only allow the vpn to the work zone.
3. same as 2 but you can make your other trendnet ap a different zone by plugging it into a different port and giving it a different subnet

so for way 1, start by making an address object for your laptop
then make a group and call it something like G-VpnAllowDevices
then goto firewall, matrix, vpn->lan
make an allow from anywhere to G-VpnAllowDevices
make deny all
goto firewall, matrix, lan->vpn
make an allow from G-VpnAllowDevices to anywhere
make deny all

if you want to do 2 or 3 instead, let me know if you need assistance with those.
0
 

Author Comment

by:W.E.B
ID: 40463489
Hi Aaron,
Thank you for your time.

Number three is the one I had in mind,
Different home zone, Different Home Subnet.

I attached a screen shots of my ports and Interface.

thanks,
Interface.pdf
Ports.pdf
0
 
LVL 39

Expert Comment

by:Aaron Tomosky
ID: 40463600
ok, so set the ap up as just an ap, not a router, no dns, dhcp, etc...
do you want to use this one for work or personal? I'll assume personal.

make a new zone called homeWifi
assign an unused (x2 or x3) interface to this zone instead of portshielded to x0
assign it an subnet and ip (e.g. 192.168.11.x)
plug the lan of the ap into x2
anything on that ap either wired or wireless will be part of the homewifi zone

now you have a seperate zone. depending on how you did your vpn, it might already not let the homewifi zone in, but if it does, in the firewall, vpn->homewifi add a deny all rule.
0
 

Author Comment

by:W.E.B
ID: 40463611
Sorry Aaron,
I'm a bit slow on this.

So I go to Network > zones, Add  , then what?
I put the Name, but it's asking for Security type, and check marks to Enable .. create ..

assign an unused (x2 or x3) interface
How do I do this?

A step by step guide is greatly appreciated.

Thank you
0
 
LVL 39

Expert Comment

by:Aaron Tomosky
ID: 40463616
Here are most of the steps
http://mobile.experts-exchange.com/Hardware/Networking_Hardware/Firewalls/Q_28240877.html

I've got all my sonicwalls on 6.2 firmware so I can't give you exact steps from my gear as yours is older. You can get the manual from somicwall and the interface also has a great help for the specific choices.
0
 

Author Comment

by:W.E.B
ID: 40465285
Thank you Aaron,
I followed your instructions, along with the link.
Created a zone,
added the interface (x2)
plugged my AP to x2,
now I have a new wireless with new ip, subnet.

the only problem I have is, when I connect to the new wireless, I need to add a static ip to my devices to get connected.

is there a way to make the devices assigned an ip automatically?

thanks again.
0
 
LVL 39

Accepted Solution

by:
Aaron Tomosky earned 500 total points
ID: 40465529
network->dhcp
add a new dhcp range for that network
0
 

Author Closing Comment

by:W.E.B
ID: 40465609
Thank you very much.
0

Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Outsource Your Fax Infrastructure to the Cloud (And come out looking like an IT Hero!) Relative to the many demands on today’s IT teams, spending capital, time and resources to maintain physical fax servers and infrastructure is not a high priority.
Arrow Electronics was searching for a KVM  (Keyboard/Video/Mouse) switch that could display on one single monitor the current status of all units being tested on the rack.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question