Create wireless guest network on sonicwall tz200

I have a SonicWall TZ200 that I would like to use to create a guest network using my UniFi wireless access point to allow guests access to the internet using a different subnet isolating them from my internal network.  I am unfamiliar with this type of setup and need detailed instructions.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Here is the step-by-step procedure: How to configure WGS (Wireless Guest Services) in Sonicwall TZ devices with built-in wireless (SonicOS Enhanced) (SW4955)

Please try following the steps and post back with any issues/questions.
kentcraneAuthor Commented:
Wayne,  my SonicWall TZ200 does not have antennas, so I am assuming that it does not have "built in wireless" as required in the instructions that were supplied in the link that you provided. Will the instructions work since I am using a UniFi AP?
Hi Kentcrane,

If you're using a different brand of AP then the setup will be a little different.  You will need to create VLAN for that WIFI AP with firewall rule to go along with it.

Can you kindly provide a network diagram of your setup as well as the TZ200 ports used?

SolarWinds® VoIP and Network Quality Manager(VNQM)

WAN and VoIP monitoring tools that can help with troubleshooting via an intuitive web interface. Review quality of service data, including jitter, latency, packet loss, and MOS. Troubleshoot call performance and correlate call issues with WAN performance for Cisco and Avaya calls

What I've done is I had to create two LANs on the Sonicwall, allowing the second LAN (to be used for guests) access to the IP address of the system with the controller on the first LAN (requirement in order to UniFis to work properly). Then I set up VLANs on a switch, one VLAN for each subnet, and then configure a port where the main VLAN is untagged and the second VLAN (guest network) is tagged. The UniFi needs to be connected to that exact port. That way, when you configure the guest wireless network, you can specify the VLAN ID.

I had just done this exact scenario last week using a Sonicwall TZ-100, and a Trendnet web smart switch. Works like a charm and keeps things segregated properly!
kentcraneAuthor Commented:

Attached is a hand drawn diagram of my system.  Where do I find the ports on the SonicWall?
kentcraneAuthor Commented:

I do not know my way around the SonicWall very well and need step-by-step instructions. I have found a couple of instruction sets that seem to address my issue, but the interface image shown in the instructions does not match my screen.
kentcraneAuthor Commented:
It appears that the experts have lost interest in this question. Since no answer has been provided, perhaps the moderator can delete it.
Hi Kentcrane,

Sorry for the late response, I've been busy at work.  After looking at your network diagram, you won't be able to separate the  UniFi wireless access point without putting the dumb switches in between the Sonicwall and the AP in the same VLAN as the AP.  Is the AP far away from the Sonicwall router?

1.  If yes, then it's best if you get a Sonicpoint AP because you have more flexibility in controlling a Sonicpoint AP with Sonicwall router.

2.  If not, then you can create a VLAN on the Sonicwall (for example, using X4 for VLAN and connect the  UniFi AP to that port to separate it from the internal network.  Then we can proceed to talk about how to configure this.

Can you let me know if option 2 is possible?  If the UniFi AP cannot be directly connected to a port on the Sonicwall router then you will have to either go with option 1 or put the two switches on the same VLAN which wouldn't make sense because that's the same as putting the AP in the same internal network.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
kentcraneAuthor Commented:
Thanks for getting back, Wayne. I now understand the problem with the switches being being on the vlan set up in the SonicWall. Since I have many other appliances on those 2 switches and my AP location is too far from the SonicWall, I will have to go a different route. It appears that I will need to forget the SonicWall and purchase a managed switch to connect to my Access Point and set up the vlan on that switch.

Thanks for clarifying the problem.
Kentcrane, I am glad to be able to help!  Cheers!
kentcraneAuthor Commented:
I have purchased a Cisco managed switch and would like to proceed to set it up for the isolated subnet. Must the managed switch be connected directly to the SonicWall or can it have unmanaged switches between it and the SonicWall?
Are you using the managed switch to have better control over you network or create VLANs?  If not, it can be connected to other network switches/hubs.
kentcraneAuthor Commented:
I am trying to create a guest wireless access point that will allow access to the internet but deny users access to my lan.  I need to use dhcp (I assume from my SonicWall) to distribute ip addresses to users that are on a different subnet from my lan.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.