TZ400 in front of a Ubiquiti Dream Machine Pro?
jacobsoj74
Hi everyone!
We have a Ubiquiti UDM Pro which is acting as the main router for (AT&T fiber BIB NextGen 4808)(5 static IPs){only using 1}. It is controlling several APs and a camera system. There is port forwarding set up as well as DHCP. I'd like to put a SonicWall TZ400 in front of it to utilize the advanced gateway security bundle subscription. I'm new to SonicWall and would appreciate any help on how to configure it to accomplish this without having to reconfigure the UDM. Is there a way to bridge them and still utilize the security bundle? Thanks so much!
Category: Entry Level Firewalls
Comments
You can put the firewall in L2 bridge mode, but you're only going to see everything originate from the IP of the UDM. So when something gets blocked, you won't know what it is, just that it's something behind the UDM.
You could disable NAT on the UDM [probably, don't quote me on that] and route between the networks, then the Sonicwall will know the IP of every device behind the UDM. That will give you better visibility at the cost of extra complexity.
My suggestion would be to use the SonicWall as the gateway, and just leave the UDM on the LAN as the camera/AP controller [i.e., the UDM becomes a 'server' at this point rather than a 'router']. Less complexity and you get to use the features you need from each device.
@Arkwright
Thanks for the comment!
Are you saying to move the port forwarding and DHCP to the SonicWall and change the UDM to a static IP within the pool from the SonicWall on one of the LAN ports? As I said, I'm new to SonicWall; any screenshots or pointers would be much appreciated. I love the words "less complexity"; it's exactly what I'm looking for! LOL Thanks again
Yes, that's pretty much it. My suggestion amounts to transferring pretty much the entire configuration of the Sonicwall to the UDM.
I can't give you a list of all the steps. I suggest you break it down into tasks and google each one [e.g., setting up DHCP, configuring port forwards, configuring the WAN interface, etc.].
At least you have the ability to swap back and forth between the UDM and Sonicwall whilst you test this.