Add a guest wifi at office with TZ-300

fre

I have a TZ-300 with firewall enabled within my office, now I would like to setup a guest wifi. The ideia is the guest can browse internet but no access to our internal network.

I'm thinking to add an external wifi device (ip 20.0.0.2) at X4 interface (ip 20.0.0.1), and then create access rules to allow traffic from X4 only to my X1/WAN port and vice versa. This external wifi device would be the DHCP server and DNS would be a public one (like 9.9.9.9).

But I'm facing doubts in this process. What should I add as gateway at my wifi device? While adding a rule, why can't choose "from X4" (only allow from "X1" or "WAN")?

If there is already a tutorial available, it would be great.

Ajishlal

@fre

Your WiFi device gatway should be 20.0.0.1.

For creating the Rule, recommended to create to new zone for the wifi and assign that zone into the X4 interface so easily you can create the NAT & ACL.

https://www.sonicwall.com/support/knowledge-base/how-to-create-a-custom-zone/170503641320709/

fre

Thanks.

Regarding NAT, it was not needed to create (or one was created automatically by the OS).

Is ACL a "Mac Filter list"? In my case, being a guest wifi, would it be the case to use it?