1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: SonicWall TZ150 configuration

Discussion in 'Networking' started by Protech, Apr 23, 2010.

Thread Status:
Not open for further replies.
Advertisement
  1. Protech

    Protech Thread Starter

    Joined:
    Apr 23, 2010
    Messages:
    7
    Hello. I have searched the web for info on configuring a SonicWall TZ150 firewall, but have not had much luck, so I’m hoping for some guidance in this forum. Here’s my scenario:

    • LAN with 10.10.1.x subnet, statically assigned IPs
    • SonicWall TZ150, LAN IP 10.10.1.1, WAN IP 10.10.1.5, using NAT
    • Linksys WRT54G router, LAN IP 10.10.1.99, WAN IP dynamic from ISP’s DSL modem

    The PCs on this LAN are connected to the SonicWall’s LAN port via a switch. The SonicWall’s WAN port connects to a LAN port on the Linksys. The WAN port on the Linksys connects to the DSL modem.

    Now, this configuration has been in place for years and has worked fine. This week they put in a new Brother wireless printer, and asked me to assist in getting it setup for printing from the LAN PCs. Piece of cake…or so I thought. Getting the printer setup to communicate with the Linksys WAP on the router was easy. It has IP 10.10.1.102 assigned from the router’s DHCP table.

    With my laptop plugged into one of the router’s LAN ports (as a test only), I can ping the wireless printer from both my laptop and the Linksys diagnostic ping utility. However, I cannot ping the printer (.102) or the router (.99) from any PC on the LAN side of the SonicWall. What seems very odd to me is this configuration allows the access of everything BEYOND the router (i.e. the web) from the LAN, but not the router itself (and hence nothing connected to the router). Also odd, I think, is that the SonicWall's WAN and LAN ports are both in the same subnet, and using NAT, so I don’t understand how the SonicWall is actually “routing”. I’ve tried adding static routes, changing NAT settings, etc. on the SonicWall, but so far nothing has worked.

    In further testing, if I bypass the SonicWall’s WAN port by moving the ethernet cable over to one of its LAN ports (effectively converting it from a firewall to a switch), everything works great for printing (now PCs & printer on the same subnet), but of course that disables the ability to access the DSL modem & web. I considered just removing the SonicWall from the setup, as it seems a bit redundant to have double firewalls protecting the LAN, but because it’s a retail office I don’t want to disturb the credit card privacy configuration someone else setup.

    There is probably a simple configuration change to be made on the SonicWall (or maybe the Linksys?) but thus far this one has me stumped! :confused: Any advice would be greatly appreciated. Thanks much!
     
  2. TerryNet

    TerryNet Moderator

    Joined:
    Mar 23, 2005
    Messages:
    79,917
    First Name:
    Terry
    Most times almost nothing works when cascaded (LAN port to WAN port) routers have the same LAN subnet. Your configuration is probably getting internet access because the Linksys is passing the public DNS server address to the SonicWall.

    I'm not understanding the purpose of having the routers cascaded that way while trying to have devices on one subnet access devices on the other. If it is only access from the SonicWall to devices on the Linksys you can probably get it to work by changing the LAN IP addresses on one of the routers. It sounds like most or all the computers with static IPs are assigned to the SonicWall, so I would change the Linksys LAN (say, to the more usual 192.168.1.x, or to 10.10.2.x).

    If there is no reason for the cascaded routers you could connect/configure one of them as an ethernet switch and wireless access point.
     
  3. Protech

    Protech Thread Starter

    Joined:
    Apr 23, 2010
    Messages:
    7
    Hi TerryNet and thanks for the input!

    Yes, changing the LAN IP of the Linksys was my next thought too, but I first wanted to be sure I didn't flub things up by doing so (I'll wait until after business hours to try that, just in case). What I haven't yet figured out is HOW the SonicWall functions with its LAN and WAN ports belonging to the same subnet. Is it not functioning as a router?

    Right now the Linksys is acting as a WAP (for the wireless printer), as well as a router. Are you suggesting I shut off its router function and have it be a WAP only? How would I accomplish that? Thanks again.
     
  4. TerryNet

    TerryNet Moderator

    Joined:
    Mar 23, 2005
    Messages:
    79,917
    First Name:
    Terry
    I don't pretend to know that either, but it probably has something to do with how it is programmed (the firmware).

    Good question. I had assumed that it is since it's WAN port is connected. But (at least) some routers have an AP (or bypass) mode which essentially disables the NAT and makes the WAN port just another LAN port. You will need to look carefully at its configuration pages to determine if anything like that is happening.

    You really need to have a router, performing as a router, connected to the modem. So if you wanted to make the Linksys be a WAP only (because the SonicWall is not wireless?) you would need to make the SonicWall the primary router. Here's the complete description.

    JohnWill's procedure (Aug. 30, 2008) for configuring a secondary router as a switch and, optionally, wireless access point follows.

    Connecting two (or more) SOHO broadband routers together.

    Note: The "primary" router can be an actual router, a software gateway like Microsoft Internet Connection Sharing, or a server connection that has the capability to supply more than one IP address using DHCP server capability. No changes are made to the primary "router" configuration.

    Configure the IP address of the secondary router(s) to be in the same subnet as the primary router, but out of the range of the DHCP server in the primary router. For instance DHCP server addresses 192.168.0.2 through 192.168.0.100, I'd assign the secondary router 192.168.0.254 as it's IP address, 192.168.0.253 for another router, etc.

    Note: Do this first, as you will have to reboot the computer to connect to the router again for the remaining changes.

    Disable the DHCP server in the secondary router.

    Setup the wireless section just the way you would if it was the primary router, channels, encryption, etc.

    Connect from the primary router's LAN port to one of the LAN ports on the secondary router. If there is no uplink port and neither of the routers have auto-sensing ports, use a cross-over cable. [You will not need a cross-over cable if one of the "routers" is a computer.] Leave the WAN port unconnected!

    This procedure bypasses the routing function (NAT layer) and configures the router as a switch (or wireless access point for wireless routers).

    For reference, here's a link to a Typical example config using a Netgear router
     
  5. Protech

    Protech Thread Starter

    Joined:
    Apr 23, 2010
    Messages:
    7
    Thank you, TerryNet, for the great advice! That definitely helped me see the issue from another angle, especially the nice diagram provided by Netgear. I think I now have it figured out how I am going to reconfigure the LAN/WAN. I've attached a PDF showing the current & proposed setup. The other piece of the puzzle I hadn't mentioned before is the need to maintain a public wireless hotspot outside of the private LAN (10.10.1.x). The configuration I'm planning will, I think, accomplish the original goal of adding a wireless printer to the private LAN, yet keep the private & public LANs seperate, and allow all to have internet access. Take a look and see if you agree. Thanks again! :D
     

    Attached Files:

  6. TerryNet

    TerryNet Moderator

    Joined:
    Mar 23, 2005
    Messages:
    79,917
    First Name:
    Terry
    That diagram looks good to me. :)
     
  7. Protech

    Protech Thread Starter

    Joined:
    Apr 23, 2010
    Messages:
    7
    Terrific, thanks. I hope to return there tomorrow and try it out. I'll post the results. (y)
     
  8. Protech

    Protech Thread Starter

    Joined:
    Apr 23, 2010
    Messages:
    7
    I finally made it back there yesterday and made the changes according to my trusty diagram, and VOILA! ...all is working now! :D Wireless printing on the LAN now works, internet access from both public & private LANs work, and the private LAN is still private. Customer is happy, so all is good. Thanks again for your help! :)
     
  9. TerryNet

    TerryNet Moderator

    Joined:
    Mar 23, 2005
    Messages:
    79,917
    First Name:
    Terry
    You're welcome. :) Glad it worked well.
     
  10. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Solved SonicWall TZ150
  1. Kaizerwulf
    Replies:
    2
    Views:
    1,658
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/918796

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice