I am looking for advice on how to configure a new SonicWall TZ270 firewall I just purchased to replace a Juniper Networks SSG5 in my home. My first question has to do with how to set up zones behind my firewall. My SSG5 has three zones and is configured to block all traffic between the zones (isolate them):
- Work: This zone includes a Windows Server 2012 file server, a NAS device, a work PC running Windows 10, and a network printer. These devices are configured with static IP addresses in the range of 192.168.1.xxx.
- Home: This zone includes my wife's W10 PC, my son's W10 laptop, daughter's Apple laptop, and a Netgear Orbi wifi router. These devices are connected via Cat5e cables and are configured with static IP addresses in the range of 192.168.2.xxx.
- Wifi: The Orbi wifi router and a single satellite located centrally in the house creates a wifi mesh that uses DHCP. It is password protected and is used by two smart TVs, 4 family smart phones, several iPads and guests devices. Last night I checked and there were 57 different devices in its DHCP table. I deleted old entries and got the list to 21.
I want to create more zones with the SonicWall TZ270. I purchased three years of their Essential's services and plan to use their sandbox to scan all email attachments.
I read somewhere that it is not a good idea to use 192.168.1 as malware looks for this common IP range. Is this true? Am I better off using IP addresses between 10.0. 0.0 to 10.255. 255.255 or IP addresses between 172.16. 0.0 to 172.31. 255.255?
I would appreciate feedback/suggestions on my current thoughts about zones on the TZ270 setup:Zone 1 Work
. Same as before but use different private network range, say 10.10.1.xxx with static IP. Have SonicWall fully protected this zone, including sandbox.Zone 2 Home
. Same as before but use different private network range, say 10.10.2.xxx, with static IP. Have SonicWall fully protected this zone, including sandbox.Zone 3 TV
. Set up a dedicated zone for our two TVs and program SonicWall not to scan traffic - don't want or need it to scan Netflix, etc. Short-term this will include family wifi due to the lack of wired ethernet near the TV (something I may fix in the next month or two). This will use DHCP and private network 172.17.1.xxx. Wifi access will be limited to my family's devices and our TVs using MAC address filtering. Some of the SonicWall features (TBD) will be active on this, but not all.Zone 4 Guest Wifi
. Uses DHCP and a different network, perhaps 192.168.99.xxx. It will be password protected, but otherwise open for visitors to use. If possible, I would like the DHCP table to get automatically flushed.Zone 5 (future) IoT zone
. In the future I will have some security cameras (ring doorbell like devices) and may isolate them on their own network.
Thank you for your thoughts and recommendations!