Setting up TZ400 with DMZ and 2 networks
This is my first post on the forums so I apologize if my question seems elementary. I work for a small organization that recently purchased a TZ400. I've worked with Cisco products in the past, but was by no means an expert. I currently have my TZ400 set up with a 10mb WAN connection coming into the X1 interface and I have my LAN on the X0 like normal. I have a completely separate circuit coming in from our local telco provider that is a 100mb connection. I know this seems backwards but right now our business network is using the 10mb connection on the TZ400, and the public guest network is set up on the 100mb connection on its own router. Right now I have a simple Wi-Fi setup in the organization where the 100mb circuit goes into its own router, and it has its own switch and its own APs throughout the building. This was my only guaranteed way to prevent anything from the guest network coming into the business network and messing things up before, since anyone from the public could come join the guest network.
Now that I have a SonicWALL I've heard about setting up zones and DMZs and would like to ask the best approach for my problem. I would like to have both the 10mb and 100mb WAN connections coming into the SonicWALL. I would like to have my business (secure) network on one interface and my guest network on a separate interface and make it so that neither communicates with the other. I would like to still be able to provide protection to both networks using my SonicWALL services that were set up, like IPS and the things in Capture Security. I would also like to have a zone for the copiers and printers in the building so that all devices on the business and guest networks could print to those, but in no way could something from the guest network bleed over into the business side of things via a printer. I was told this would be set up like a DMZ. That's really the only thing I would like to know about (as far as how to approach and set this up). I've been watching videos on YouTube about setting up the DMZ and having two different networks, but I figured this would be the best place to ask.
One more question. I have a CCTV network at my location. Right now it's completely offline. There is a server running Server 2008R2 and currently the company will not pay for an upgrade and 2008 is no longer supported. I took the server offline to prevent anything from happening to it since it can no longer be secured and patched. Would it be safe to have the CCTV equipment on an interface by itself so that other devices in the facility could see the CCTV cameras, or would you all recommend keeping it offline? Right now there is a server and 1 viewer station for security. Some of the supervisors have expressed wanting to see the cameras, but I've told them I'm not crossing the networks for security purposes. Just wondering how you would approach that given the CCTV equipment can't be upgraded.