Setting up an "internet-only" WiFi AP on a physical interface/port.

We have a TZ350, without the built-in wireless option. I wanted to provide internet access via Wi-Fi for customers, but wanted to make sure that customers cannot access devices on the LAN. I figured that the best way to do this was to connect the AP to the X2 port (which I was not using for anything else). I then planned to configure the X2 port to only have access to X1 (WAN), and no devices on the X0 interface (the LAN that all other "employee only" devices are connected to). After going through the steps from several guides and videos I found online, I could not get this to work for some reason. Most of these videos suggested that a new virtual interface/VLAN be created for the wireless users. Eventually, I created a new Zone for wireless users, and unchecked the boxes to copy access rules. I assigned the zone to X2. I also assigned a static IP address to X2, along with a dynamic DHCP pool for X2. I then created a new rule that grants X2 access to the WAN interface (X1). I _did not_ create a new virtual interface/VLAN, as this appeared to be unnecessary. This seems to be working. A laptop connected to the WiFi AP can access the internet, but cannot “see” or ping anything on X0. I included pictures to clarify what I did. The wireless devices also appear to be obtaining DHCP leases from the pool that's assigned to X2.

Does anyone see any potential problems with this setup? Will this configuration provide suitable security to prevent wireless users from gaining access to the X0 LAN?

This is the first time I have tried to configure a complex router. Constructive input and advice are therefore


Category: Entry Level Firewalls

Best Answers

    Twizz728 Newbie ✭
    Answer ✓

    This is how I have mine set up. I have my internal secure LAN on X0, WAN X1, Guest WiFi using the WiFi zone assignment on X6. I just ensure that there are no rules allowing X6 to X0, but I did have to create a rule to allow connections from my X6 guest interface to a specific IP on the X0 interface for a copier shared by the entire building. I've not run into any security issues with this setup.
    Arkwright All-Knowing Sage ✭✭✭✭
    Answer ✓

    I think that zone security type "public" will by default not create rules from this new zone to LAN. So long as you haven't manually added a 'Wireless AP, Internet Only' -> 'LAN' allow rule, you should be good.
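
An added example, not part of any post in this thread and not SonicWall code: a small model of the check both answers describe, listing every allow rule from the guest zone into the LAN and confirming what a guest client can actually reach. The rule table, zone names, addresses and ports are constructed, and the model assumes first-match-by-priority evaluation with traffic dropped when no rule matches.

```python
import ipaddress

# Constructed rule table for illustration; this is not SonicWall's export
# format, and the zone names, addresses and ports are assumptions.
RULES = [
    {"prio": 1, "src": "GUEST", "dst": "LAN", "net": "192.168.168.50/32",
     "svc": "tcp/9100", "action": "allow"},   # shared copier exception
    {"prio": 2, "src": "GUEST", "dst": "WAN", "net": "0.0.0.0/0",
     "svc": "any", "action": "allow"},        # internet access for guests
    {"prio": 3, "src": "LAN", "dst": "WAN", "net": "0.0.0.0/0",
     "svc": "any", "action": "allow"},
]

def matches(rule, src_zone, dst_zone, dst_ip, svc):
    """True when the rule covers this zone pair, destination and service."""
    return (rule["src"] == src_zone and rule["dst"] == dst_zone
            and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(rule["net"])
            and rule["svc"] in ("any", svc))

def decide(rules, src_zone, dst_zone, dst_ip, svc):
    """First matching rule by priority wins; no match means deny (assumed)."""
    for rule in sorted(rules, key=lambda r: r["prio"]):
        if matches(rule, src_zone, dst_zone, dst_ip, svc):
            return rule["action"]
    return "deny"

def audit(rules, guest_zone="GUEST", trusted=("LAN",)):
    """List every allow rule from the guest zone into a trusted zone."""
    findings = []
    for rule in rules:
        if (rule["src"] == guest_zone and rule["dst"] in trusted
                and rule["action"] == "allow"):
            net = ipaddress.ip_network(rule["net"])
            # A rule is broad if it covers more than one host or any service.
            broad = net.num_addresses > 1 or rule["svc"] == "any"
            findings.append((rule["prio"],
                             "broad" if broad else "single host/service"))
    return findings

if __name__ == "__main__":
    print(decide(RULES, "GUEST", "LAN", "192.168.168.10", "tcp/445"))
    print(decide(RULES, "GUEST", "LAN", "192.168.168.50", "tcp/9100"))
    print(audit(RULES))
```

Any finding marked broad is a guest-to-LAN rule worth narrowing to one host and one service, as in the copier exception.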


  • TKWITS Community Legend ✭✭✭✭✭

    Does anyone see any potential problems with this setup?

    Once your non-customer users ask for wireless how will you provide it?

    Will this configuration provide suitable security to prevent wireless users from gaining access to the X0 LAN?

    What are your 'Wireless AP, Internet Only' to 'LAN' access rules? Or any other sensitive zone?

    I get why you named your new zone 'Wireless AP, Internet Only', but that's more of a description than a name. Try something like 'GUEST'.

  • Frank_P Newbie ✭

    Thank you, everyone, for your advice!
