Solved

SonicWall tz200 wireless

Posted on 2014-11-23
12
243 Views
Last Modified: 2014-11-25
Hello,
I work from home,
I have a SonicWall TZ200 Wireless, connected to the office through VPN.

I need to separate my home/Personal Devices from my VPN connection.
All of my devices are wireless.

I have an extra access point Trendnet. (that I could use to create a second wireless for personal/Home).

I have never worked with sonicwall before.

Can you please help me with this (Step by Step guide pelase).

thank you,
please see attached screen shot of ports.
Ports.pdf
0
Comment
Question by:Wass_QA
  • 6
  • 5
12 Comments
 
LVL 20

Expert Comment

by:carlmd
ID: 40461819
Not sure if you mean that you want separate logins for one network or the other, or something else.

Take a look at the following on setting up guest wireless. This shows you how to set up to separate wireless areas, assigning what you want to each.

https://support.software.dell.com/sonicwall-tz-series/kb/sw4955
0
 

Author Comment

by:Wass_QA
ID: 40462159
Hello carlmd,
Thank you for your help and time.

As I mentioned earlier, I'm just trying to separate my house devices from work devices.
Right now, my house devices are detected  on the work network.

I tried to follow the link for creating a guest account (which , I guess, will be my house devices).

However, my WLAN is already configured. (Please see attached).

Thank you,
img017.pdf
0
 
LVL 38

Expert Comment

by:Aaron Tomosky
ID: 40462203
One way to do this: make an address group of your work devices, then make an allow firewall rule for them. Then make a block all lan to vpn below that rule.
0
 

Author Comment

by:Wass_QA
ID: 40463309
HI Aaron,
Can you please guide me - step by step - (I've never worked with Sonic wall before).

Will this prevent my home devices from showing on Work network (vpn).

Thank you
0
 
LVL 38

Expert Comment

by:Aaron Tomosky
ID: 40463458
sure. You get firewall rules by default across zones, but you can also make address objects and address object groups to make rules with.
There are at least 3 ways to do this:
1. if all the devices are going to be in the same zone, make address objects
2. Make a new ssid for work or home and Make a different zone (either for work or home) and only allow the vpn to the work zone.
3. same as 2 but you can make your other trendnet ap a different zone by plugging it into a different port and giving it a different subnet

so for way 1, start by making an address object for your laptop
then make a group and call it something like G-VpnAllowDevices
then goto firewall, matrix, vpn->lan
make an allow from anywhere to G-VpnAllowDevices
make deny all
goto firewall, matrix, lan->vpn
make an allow from G-VpnAllowDevices to anywhere
make deny all

if you want to do 2 or 3 instead, let me know if you need assistance with those.
0
 

Author Comment

by:Wass_QA
ID: 40463489
Hi Aaron,
Thank you for your time.

Number three is the one I had in mind,
Different home zone, Different Home Subnet.

I attached a screen shots of my ports and Interface.

thanks,
Interface.pdf
Ports.pdf
0
Give your grad a cloud of their own!

With up to 8TB of storage, give your favorite graduate their own personal cloud to centralize all their photos, videos and music in one safe place. They can save, sync and share all their stuff, and automatic photo backup helps free up space on their smartphone and tablet.

 
LVL 38

Expert Comment

by:Aaron Tomosky
ID: 40463600
ok, so set the ap up as just an ap, not a router, no dns, dhcp, etc...
do you want to use this one for work or personal? I'll assume personal.

make a new zone called homeWifi
assign an unused (x2 or x3) interface to this zone instead of portshielded to x0
assign it an subnet and ip (e.g. 192.168.11.x)
plug the lan of the ap into x2
anything on that ap either wired or wireless will be part of the homewifi zone

now you have a seperate zone. depending on how you did your vpn, it might already not let the homewifi zone in, but if it does, in the firewall, vpn->homewifi add a deny all rule.
0
 

Author Comment

by:Wass_QA
ID: 40463611
Sorry Aaron,
I'm a bit slow on this.

So I go to Network > zones, Add  , then what?
I put the Name, but it's asking for Security type, and check marks to Enable .. create ..

assign an unused (x2 or x3) interface
How do I do this?

A step by step guide is greatly appreciated.

Thank you
0
 
LVL 38

Expert Comment

by:Aaron Tomosky
ID: 40463616
Here are most of the steps
http://mobile.experts-exchange.com/Hardware/Networking_Hardware/Firewalls/Q_28240877.html

I've got all my sonicwalls on 6.2 firmware so I can't give you exact steps from my gear as yours is older. You can get the manual from somicwall and the interface also has a great help for the specific choices.
0
 

Author Comment

by:Wass_QA
ID: 40465285
Thank you Aaron,
I followed your instructions, along with the link.
Created a zone,
added the interface (x2)
plugged my AP to x2,
now I have a new wireless with new ip, subnet.

the only problem I have is, when I connect to the new wireless, I need to add a static ip to my devices to get connected.

is there a way to make the devices assigned an ip automatically?

thanks again.
0
 
LVL 38

Accepted Solution

by:
Aaron Tomosky earned 500 total points
ID: 40465529
network->dhcp
add a new dhcp range for that network
0
 

Author Closing Comment

by:Wass_QA
ID: 40465609
Thank you very much.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
David Varnum recently wrote up his impressions of PRTG, based on a presentation by my colleague Christian at Tech Field Day at VMworld in Barcelona. Thanks David, for your detailed and honest evaluation!
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now