Avatar of W.E.B
W.E.B
 asked on

SonicWall tz200 wireless

Hello,
I work from home,
I have a SonicWall TZ200 Wireless, connected to the office through VPN.

I need to separate my home/Personal Devices from my VPN connection.
All of my devices are wireless.

I have an extra access point Trendnet. (that I could use to create a second wireless for personal/Home).

I have never worked with sonicwall before.

Can you please help me with this (Step by Step guide pelase).

thank you,
please see attached screen shot of ports.
Ports.pdf
Wireless NetworkingNetworking Hardware-OtherNetwork Management

Avatar of undefined
Last Comment
W.E.B

8/22/2022 - Mon
Carl Dula

Not sure if you mean that you want separate logins for one network or the other, or something else.

Take a look at the following on setting up guest wireless. This shows you how to set up to separate wireless areas, assigning what you want to each.

https://support.software.dell.com/sonicwall-tz-series/kb/sw4955
W.E.B

ASKER
Hello carlmd,
Thank you for your help and time.

As I mentioned earlier, I'm just trying to separate my house devices from work devices.
Right now, my house devices are detected  on the work network.

I tried to follow the link for creating a guest account (which , I guess, will be my house devices).

However, my WLAN is already configured. (Please see attached).

Thank you,
img017.pdf
Aaron Tomosky

One way to do this: make an address group of your work devices, then make an allow firewall rule for them. Then make a block all lan to vpn below that rule.
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23
W.E.B

ASKER
HI Aaron,
Can you please guide me - step by step - (I've never worked with Sonic wall before).

Will this prevent my home devices from showing on Work network (vpn).

Thank you
Aaron Tomosky

sure. You get firewall rules by default across zones, but you can also make address objects and address object groups to make rules with.
There are at least 3 ways to do this:
1. if all the devices are going to be in the same zone, make address objects
2. Make a new ssid for work or home and Make a different zone (either for work or home) and only allow the vpn to the work zone.
3. same as 2 but you can make your other trendnet ap a different zone by plugging it into a different port and giving it a different subnet

so for way 1, start by making an address object for your laptop
then make a group and call it something like G-VpnAllowDevices
then goto firewall, matrix, vpn->lan
make an allow from anywhere to G-VpnAllowDevices
make deny all
goto firewall, matrix, lan->vpn
make an allow from G-VpnAllowDevices to anywhere
make deny all

if you want to do 2 or 3 instead, let me know if you need assistance with those.
W.E.B

ASKER
Hi Aaron,
Thank you for your time.

Number three is the one I had in mind,
Different home zone, Different Home Subnet.

I attached a screen shots of my ports and Interface.

thanks,
Interface.pdf
Ports.pdf
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Aaron Tomosky

ok, so set the ap up as just an ap, not a router, no dns, dhcp, etc...
do you want to use this one for work or personal? I'll assume personal.

make a new zone called homeWifi
assign an unused (x2 or x3) interface to this zone instead of portshielded to x0
assign it an subnet and ip (e.g. 192.168.11.x)
plug the lan of the ap into x2
anything on that ap either wired or wireless will be part of the homewifi zone

now you have a seperate zone. depending on how you did your vpn, it might already not let the homewifi zone in, but if it does, in the firewall, vpn->homewifi add a deny all rule.
W.E.B

ASKER
Sorry Aaron,
I'm a bit slow on this.

So I go to Network > zones, Add  , then what?
I put the Name, but it's asking for Security type, and check marks to Enable .. create ..

assign an unused (x2 or x3) interface
How do I do this?

A step by step guide is greatly appreciated.

Thank you
Aaron Tomosky

Here are most of the steps
http://mobile.experts-exchange.com/Hardware/Networking_Hardware/Firewalls/Q_28240877.html

I've got all my sonicwalls on 6.2 firmware so I can't give you exact steps from my gear as yours is older. You can get the manual from somicwall and the interface also has a great help for the specific choices.
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
W.E.B

ASKER
Thank you Aaron,
I followed your instructions, along with the link.
Created a zone,
added the interface (x2)
plugged my AP to x2,
now I have a new wireless with new ip, subnet.

the only problem I have is, when I connect to the new wireless, I need to add a static ip to my devices to get connected.

is there a way to make the devices assigned an ip automatically?

thanks again.
ASKER CERTIFIED SOLUTION
Aaron Tomosky

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
W.E.B

ASKER
Thank you very much.