CraftySpaz


Best way to attach branch office SonicPoint to a main office SonicWall NSA connected via dedicated ethernet

Hello World!

We have a SonicWall NSA 220 with an existing SonicPoint N wireless access point in the main (HQ) office and want to add a SonicPoint N2 to the branch office. The branch office is connected to the HQ NSA via a Comcast dedicated Ethernet line (EDL). The network consists of a single subnet with no site-to-site VPN or anything like that; it's flat. The EDL is a dedicated connection through provider equipment that provides a seamless network between locations. Because we are installing the SonicPoint N2 at the branch office, we cannot connect it physically to the NSA WLAN port (X6), so we need help with an alternate way to connect the N2 to the NSA. As it stands, the N2 exists on the LAN (X0). X0 and X6 are currently bridged to allow LAN access wirelessly via the HQ WAP. What is the best method to add the remote SP N2 to the mix?
Irwin W.

You should set up a site-to-site VPN with your two SonicWalls. Once you have this, you should then be able to communicate with and manage the SonicPoint N2 device.

I do not recommend opening and forwarding ports to get to this device across the Internet.
CraftySpaz

ASKER

Sorry if I wasn't clear, but there are not two SonicWall firewalls. Just the one at the main office. The network is flat between the locations, same subnet (10.0.X.X across the board). This is a result of the EDL connection between locations. The bridge is transparent to us.
Have you reviewed this SonicWall article?

I think that since you have a connected site-to-site EDL connection, this may help you.

https://support.software.dell.com/fr-ca/kb/sw11970
That article does not really apply since it regards site-to-site VPN. However, this one, https://support.software.dell.com/sonicwall-nsa-series/kb/sw11272, is closer, but we still have a problem. We are already bridging the WLAN zone (X6) to the LAN zone (X0) so that wireless devices have LAN resource access, so we cannot create another bridge as instructed in the article. If we did not already have X6 bridged to X0, then I believe the article would address the issue. Unfortunately, ours is a variation on the scenario described in the article which does not allow us to configure the solution as recommended.
Hi CraftySpaz,

I'd recommend breaking the existing bridge... it's not needed in order for the WLAN to access resources on the LAN. It's a far better security best practice to have separate zones for the WLAN and LAN traffic. This way you can completely control access to your resources. Wireless traffic should be allocated as well to differentiate guest, mobile (tablets/smartphones) and laptops, but that is for another discussion. The traffic from the wireless network (WLAN) to the wired network (LAN and, for that matter, the DMZ) is blocked by default, so simply change the Action from Deny/Discard to Allow on the applicable Access Rules (WLAN > LAN and LAN > WLAN).

To make these changes:
1. Log in to the SonicWALL, go to Firewall > Access Rules.
2. Select Matrix Style Viewing and select WLAN > LAN.
3. Once finished, click OK and follow the same steps for LAN > WLAN.

Try to ping a device on the LAN side from a wireless computer and you will be able to get a reply.

Then you can follow this article https://support.software.dell.com/sonicwall-nsa-series/kb/sw11272 to resolve the issue.

Let me know if you have any questions!
An internal DHCP server is handling addresses on the LAN and bridged WLAN. If we reconfigure the way you describe, is that method still applicable? Typically, in an unbridged setup the SonicWall has to hand out the WLAN addresses. We could split up the subnet if needed, I reckon, provided that unbridging the WLAN and LAN would allow us to bridge the WLAN tunnel from the WAP.
Well, I think you can if you get more equipment...
SOLUTION
Blue Street Tech
This solution is only available to members.
DiverseIT, that does make sense, and in fact we have gone down that road already. Windows DHCP is handling two subnets: LAN (X0) 10.02.X and WLAN (X6) 10.03.X. One problem we found is that in order for the IP Helper on the SonicWall to function, its DHCP server must be disabled. This conflicts with the setup as described in https://support.software.dell.com/sonicwall-nsa-series/kb/sw11272, which instructs in Part 1 to ensure that the SonicWall has DHCP enabled for LAN and WLAN zones. Might there be a way to use the WLAN tunnel interface feature without the SonicWall DHCP server?
Have you tried it? I'm thinking the article was written with the assumption that another DHCP is not present so for the integrity of the article they mention DHCP must be enabled. It's worth a shot.
Any update on this?
We have achieved the desired state and I will try to post a summary of the solution shortly.
ASKER CERTIFIED SOLUTION
This solution is only available to members.
Performs as desired
Thanks for the points. I'm glad I could help!