noob question... sorry for the lack of knowledge
wireguysny
Newbie ✭
We have been installing Luxul networking gear for a national chain for a few years now. They are growing and doing more wireless payment devices that run via wifi. We have been using Luxul rack mount routers and wireless controllers with what ever the best AP is at the time. Its really just a cookie cutter system for each location.
Lately we have been getting more questions about Firewalls. I have seen Sonicwall units in offices and other locations but they are typically used as a router from what I can tell.
Can we put a Sonicwall hardware device inbetween the ISP and the Luxul router? This way we can keep the current systems we have in place but add a layer of security before the network starts at the Luxul router. We have VLans on the APs and stuff and its been bulletproof for years so we really dont want to rock the boat.
I just want to be able to say "yes,we have a solid firewall in place". Right now we use two ISPs per location. One is for rollover backup in case the primary goes down. Does Sonicwall make a dual wan firewall too?
So on average there is about 60 devices at any time on the network. They do not allow guests onto the network. Its only the staff on one segment and the POS on the other. Two Vlans only. We use a 16 character random character WPA3 password for the wifi SSID's.
If adding a Sonicwall in the middle will help and be somehow (even though I have no idea what it does) "safer" it will fit the bill. Id love a model recommendation and hopefully its pretty plug and play for a bunch of noobs.
Also is there a service they need to subscribe to for each location that provides updates etc.
Thank you so much in advance.
Brian
Answers
You can put a Sonicwall in transparent mode between the Luxul router and the ISP device, but TBH I think this would be unnecessarily complex and expensive - just move the routing functions from the Luxul router to the Sonicwall and dispense with the Luxul. I know nothing about Luxul, perhaps there is some feature or function they do that a Sonicwall cannot.
At the end of the day, the difference between a "router" and a "firewall" is just semantics. SonicOS has a pretty decent routing feature set, but buying a Sonicwall and not using the subscription-based security services doesn't make any sense, there are much cheaper platforms available if you're never going to use the subscription services.
Sonicwall makes N-WAN firewalls: you can have as many WANs as the box has interfaces [perhaps -1: you do actually want a LAN interface, right? :D ]
Ok so it can be a transparent filter !! The reason for the Luxul router is it also hosts the Access Points manager software. Very close to how Aruba works.
This is the router:
I dont think there would be any problem with using a subscription since they already pay for other services. Having a firewall that updates to the newest threarts without a truck call sounds fantastic. There are 31 locations and 20 more coming this year.
I think I should get an N-WAN firewall like you suggested and test it on a non deployed system in our office. As long as its idiot proof and documented well I wont blow anything up...maybe.... the POS company said they have been on installs with SonicWalls for years so its a huge comfort to us and for the staff wifi , if they cant reach certain websites or do other things I doubt the owner will care. It just seems there is a massive movement to harden networks even on the smallest scale. We have a Unifi system here our camera guy originaly installed and its been rock solid for us but its kinda old at this point. Our client told us from the start they didnt want Unifi because it was thought as not secure enough so hence the path they choose, We just smile and follow,
Thanks for you input - much appreciated!
Without more information on the Luxul ABR-5000 (boy is the documentation bad) it's very hard to say what it can and can't do compared to a Sonicwall. My guess is it has NAT and firewall capabilities (since its claimed it can do port-forwarding) so technically you are likely already providing a firewall.
I usually agree with Arkwright but I do have to disagree with "At the end of the day, the difference between a "router" and a "firewall" is just semantics." I won't go full argument, but the differences are massive. Marketing to consumers has changed most peoples wording and understanding.
"It just seems there is a massive movement to harden networks even on the smallest scale." Shouldn't things be inherently secure? Many places are looking into cybersecurity insurance, that's where this movement is coming from.