Setting up TZ400 with DMZ and 2 networks

Hello all,

This is my first post on the forums so I apologize if my question seems elementary. I work for a small organization who recently purchased a TZ400. I've worked with Cisco products in the past, but was by no means an expert. I currently have my TZ400 set up with a 10mb WAN connection coming into the X1 Interface and I have my LAN on the X0 like normal. I have a completely separate circuit coming in from our local tel co provider that is a 100mb connection. I know this seems backwards but right now our business network is using the 10mb connection on the TZ400, and the public guest network is set up on the 100mb connection on its own router. Right now I have a simple Wi-Fi setup in the organization where the 100mb circuit goes into its own router, it has its own switch and its own APs through the building. This was my only guaranteed way to prevent anything from the guest network coming into the business network and messing things up before since anyone from the public could come join the guest network.

Now that I have a SonicWALL I've heard about setting up zones and DMZs and would like to ask the best approach for my problem. I would like to have both the 10mb and 100mb WAN connections coming into the SonicWALL. I would like to have my business (secure) network on one interface and my guest network on a separate interface and make it so that neither communicated with the other. I would like to still be able to provide protection to both networks using my SonicWALL services that were set up like IPS and the things in Capture Security. I would also like to have a zone for the copiers and printers in the building so that all devices on the business and guest network could print to those, but in no way could something from the guest network bleed over into the business side of things via a printer. I was told this would be set up like a DMZ. That's really the only thing I would like to know about (as far as how to approach and set this up). I've been watching videos on YouTube about setting up the DMZ and having two different networks, but I figured this would be the best place to ask.

One more question. I have a CCTV network at my location. Right now it's completely offline. There is a server running Server 2008R2 and currently the company will not pay for an upgrade and 2008 is no longer supported. I took the server offline to prevent anything from happening to it since it can no longer be secured and patched. Would it be safe to have the CCTV equipment on an interface by itself so that other devices in the facility could see the CCTV cameras, or would you all recommend keeping it offline? Right now there is a server and 1 viewer station for security. Some of the supervisors have expressed wanting to see the cameras, but I've told them I'm not crossing the networks for security purposes. Just wondering how you would approach that given the CCTV equipment can't be upgraded.


Thanks everyone!

Category: Entry Level Firewalls

Answers

  • Twizz728 Newbie ✭

    Hello @SHIPRASAHU93 

    I am currently trying to set up the Wireless interface on the SonicWALL. I have a switch connected to the interface (X6) and a host connected to that switch. The default Subnet on my LAN is the typical 192.168.1.1 but on the Wireless I wanted to make it 192.168.100.1. Does there need to be a router connected to the interface on X6 since the IP address is different? I didn't figure this to be the case. I just assumed the SonicWALL handled all the routing between interfaces but wanted to make sure first.


    Thanks!

  • Twizz728 Newbie ✭

    Hello @SHIPRASAHU93 

    Another quick question. What I am running into right now is, I have my (X6) Interface set up as Wireless or WLAN with the IP address of (192.168.100.1). I have a switch connected to that interface with an IP address of (192.168.100.2). I have several computers and a couple of wireless APs connected to the switch. None of the devices can currently connect to the WAN. The permissions for the WLAN and Wireless zones are set to allow access, but for some reason nothing on that interface can get out to the internet. Is there anything else that needs to be configured before access would be allowed?

    X6 Interface IP (192.168.100.1) Zone is set to WLAN which allows for WLAN to DMZ, VPN, WAN, Wireless, WLAN. It denies access to LAN only (Which is where I have my secure devices.)

    Thanks in advance and you've already been a big help!

  • @Twizz728,

    Here are two things that I would check:

    1) WLAN zone on the firewall is used for SonicWall access points: SonicPoint and SonicWAVEs. So, please check if this check box is enabled on the WLAN zone under MANAGE | Network | Zones tab. Click on configure for WLAN zone and navigate to Wireless tab and look for 'Only allow traffic generated by a SonicPoint/SonicWave'.

    If yes, please disable it and then test. Or choose a different custom zone for X6 interface and not the built-in WLAN.

    2) If you have internal DNS servers on LAN and use them for X0 subnet, please make sure that the DHCP scope for X6 interface is not using those internal DNS servers as by default WLAN will not have access to LAN.

    You can change that from MANAGE | Network | DHCP server. Click on the configure option for X6 DHCP scope and navigate to DNS/WINS tab. Use global DNS servers like 8.8.8.8 and 8.8.4.4.

    Also, please check if you are able to ping to 8.8.8.8 while on wireless which can tell if the problem is with DNS or not.

    If those do not help, we would need to perform a packet capture on the firewall and see what could be the issue.

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services
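
Added example, not part of the reply above and not SonicWall tooling: a client-side triage script for a host on the X6 subnet that runs the two checks from the reply (ping 8.8.8.8, then a name lookup) and flags a DHCP-assigned resolver that sits on the LAN subnet, which the WLAN zone denies. Assumptions: a Linux client, a /24 mask on the X0 subnet (192.168.1.0/24), and `example.com` as the test name.

```python
import ipaddress
import socket
import subprocess

# Assumption: X0 (LAN) is 192.168.1.0/24, inferred from the thread's 192.168.1.1.
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
PUBLIC_DNS = "8.8.8.8"  # address the reply suggests pinging

def resolvers_from(resolv_conf_text):
    """Return the nameserver IPs listed in resolv.conf-style text."""
    found = []
    for line in resolv_conf_text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                found.append(ipaddress.ip_address(parts[1]))
            except ValueError:
                pass  # skip malformed entries instead of aborting the check
    return found

def diagnose(resolvers, ping_ok, dns_ok):
    """Map the ping and lookup results onto the causes named in the reply."""
    on_lan = [str(r) for r in resolvers if r in LAN_NET]
    if not ping_ok:
        return ("no IP path to WAN: check the WLAN zone's "
                "SonicPoint/SonicWave-only setting, then capture packets")
    if dns_ok:
        return "IP path and DNS both work"
    if on_lan:
        return ("DNS only: DHCP scope hands out LAN resolver(s) "
                + ", ".join(on_lan) + " that WLAN cannot reach")
    return "DNS only: resolver unreachable or not answering"

def ping(host):
    """Send one ICMP echo with a 2 second timeout (Linux iputils flags)."""
    cmd = ["ping", "-c", "1", "-W", "2", host]
    return subprocess.run(cmd, stdout=subprocess.DEVNULL,
                          stderr=subprocess.DEVNULL).returncode == 0

def resolves(name):
    """True if the system resolver returns any address for name."""
    try:
        return bool(socket.getaddrinfo(name, 443))
    except socket.gaierror:
        return False

if __name__ == "__main__":
    with open("/etc/resolv.conf") as f:
        servers = resolvers_from(f.read())
    print(diagnose(servers, ping(PUBLIC_DNS), resolves("example.com")))
```

On hosts that use a local stub resolver (for example 127.0.0.53 from systemd-resolved), `/etc/resolv.conf` does not show the DHCP-assigned servers, so feed `resolvers_from` the upstream list instead.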
