Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Setting up TZ400 with DMZ and 2 networks

Hello all,

This is my first post on the forums so I apologize if my question seems elementary. I work for a small organization who recently purchased a TZ400. I've worked with Cisco products in the past, but was by no means an expert. I currently have my TZ400 setup with a 10mb WAN connection coming into the X1 Interface and I have my LAN on the X0 like normal. I have a completely separate circuit coming in from our local tel co provider that is a 100mb connection. I know this seems backwards but right now our business network is using the 10bm connection on the TZ400, and the public guest network is setup on the 100mb connection on its own router. Right now I have a simple Wi-Fi setup in the organization where the 100mb circuit goes into it's own router, it has its own switch and its own AP's through the building. This was my only guaranteed way to prevent anything from the guest network coming into the business network and messing things up before since anyone from the public could come join the guest network.

Now that I have a SonicWALL I've heard about setting up zones and DMZ's and would like to ask the best approach for my problem. I would like to have both the 10mb and 100mb WAN connections coming into the SonicWALL. I would like to have my business (secure) network on one interface and my guest network on a separate interface and make it so that neither communicated with the other. I would like to still be able to provide protection to both network using my SonicWALL services that were setup like IPS and the things in Capture Security. I would also like to have a zone for the copiers and printers in the building so that all devices on the business and guest network could print to those, but in no way could something from the guest network bleed over into the business side of things via a printer. I was told this would be setup like a DMZ. That's really the only thing I would like to know about (as far as how to approach and set this up) I've been watching videos on YouTube about setting up the DMZ and having two different networks, but I figured this would be the best place to ask.

One more question. I have a CCTV network at my location. Right now it's completely offline. There is a server running Server 2008R2 and currently the company will not pay for an upgrade and 2008 is no longer supported. I took the server offline to prevent anything from happening to it since it can no longer be secured and patched. Would it be safe to have the CCTV equipment on an interface by itself so that other devices in the facility could see the CCTV cameras, or would you all recommend keeping it offline. Right now there is a server and 1 viewer station for security. Some of the supervisor have expressed wanting to see the cameras, but I've told them I'm not crossing the networks for security purposes. Just wondering how you would approach that given the CCTV equipment can't be upgraded.


Thanks everyone!

Category: Entry Level Firewalls
Reply
Tagged:

Best Answers

Answers

  • Twizz728Twizz728 Newbie ✭

    Hello @SHIPRASAHU93 

    I currently trying to setup the the Wireless interface on the SonicWALL. I have a switch connected to the interface (X6) and a host connected to that switch. The default Subnet on my LAN is the typical 192.168.1.1 but on the Wireless I wanted to make it 192.168.100.1. Does there need to be a router connected to the interface on X6 since the IP address is different? I didn't figure this to be the case. i just assumed the SonicWALL handled all the routing between interfaces but wanted to make sure first.


    Thanks!

  • Twizz728Twizz728 Newbie ✭

    Hello @SHIPRASAHU93 

    Another quick question. What I have running into right now is, I have my (X6) Interface setup as Wireless or WLAN with the IP address of (192.168.100.1). I have a switch connected to that interface with an IP address of (192.168.100.2). I have several computers and a couple wireless AP's connected to the switch. None of the devices can currently connect to the WAN. The permissions for the WLAN and Wireless zones are set to allow access, but for some reason nothing on that interface can get out to the internet. Is there anything else that needs to be configured before access would be allowed?

    X6 Interface IP (192.168.100.1) Zone is set to WLAN which allows for WLAN to DMZ, VPN, WAN, Wireless, WLAN. It denies access to LAN only (Which is where I have my secure devices.)

    Thanks in advance and you've already been a big help!

  • Twizz728Twizz728 Newbie ✭
    Thank you for all the help. I have the network setup pretty good now with your help but have a question about the DMZ.

    Currently I have 2 WAN interfaces. I have a LAN interface and a Guest interface. The LAN and Guest don't touch. The LAN uses the 192.168.100.1 scope and the Guest uses the 192.168.200.1 scope. I want to put 2 network printers in the DMZ so that the LAN and Guest networks can print. I'm wanting it setup this way so that nothing from the Guest network can bleed over into the LAN.

    Would I need to put a small router on the interface for the DMZ and hook the printers into that? Also what IP range would I use so that both interfaces could communicate with the DMZ?

    Thanks!
  • @Twizz728,

    The SonicWall can take routing decisions, so no additional router is required. You can either plug the printers directly to the firewall or use a small switch for multiple devices if they need to terminate on the same interface.

    The IP scheme needs to be separate for this interface and you would need to add access rules from LAN/Guest to DMZ and vice versa to provide access to the printers from both of them.

    Without any access rule from LAN to Guest and vice versa, those two networks will still stay isolated from each other.

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services

Sign In or Register to comment.