Home connection check (diagram included)

DJMK4 · 22 Feb 2010 at 13:41

OK, im just about to implement my firewall at home.

Its a SonicWall TZ150, and im using it alongside my Netgear DG834GT.

Im planning on using the DG834GT as an access point (until I get a new dedicated access point), then all the WLAN traffic can go behind the firewall as apposed to infront of it.

Please check diagram, im 90% sure this will work but just want some eyes to check, only thing im not sure about is the laptops, they are currenty using wireless atm, would I have to increase the DHCP pool range on the netgear to 3 or 4 addresses, or would I have to do it another way?

Check diagram.

We currently have a customer using a similar config to this exept they dont have WLAN users, reason im doing it this way is because I have only 1 static IP address, so the netgears firewall is going to either be disabled, or will be enabled and forward all traffic to the sonicwall, the sonicwall will then be doing all the rule based shizzle.

Thanks all

DJMK4 · 22 Feb 2010 at 13:43

I just noticed a mistake, on the sonicwall firewall, the WAN IP will be 192.168.1.2, the LAN ip will be 192.168.1.3 and the DHCP range will start from 4.

paradigm · 22 Feb 2010 at 13:45

DJMK4 said:
I just noticed a mistake, on the sonicwall firewall, the WAN IP will be 192.168.1.2, the LAN ip will be 192.168.1.3 and the DHCP range will start from 4.

WAN IP and LAN IP should be on different subnets.

DJMK4 · 22 Feb 2010 at 13:51

So chuck the LAN on 192.168.2.0/24 subnet?

What about the laptop users? where would they be getting the IP addresses from (Until I can get a dedicated access point behind the firewall)?

paradigm · 22 Feb 2010 at 14:31

How many interfaces does the sonicwall have?

And do you have tomato/dgteam/dd-wrt on the router?

DJMK4 · 22 Feb 2010 at 14:33

paradigm said:
How many interfaces does the sonicwall have?

And do you have tomato/dgteam/dd-wrt on the router?

SonicWall has 5 interfaces (1 x WAN and 4 x LAN)

Im running the latest DGTeam firmware on my netgear

paradigm · 22 Feb 2010 at 14:56

What I'd be inclined to do then is configure multiple VLANs on the router, with a default gateway of the sonicwall. This way you have a Wireless vlan that forces the traffic through the sonicwall before back out into the WAN vlan of the router.

DJMK4 · 22 Feb 2010 at 15:28

I wasnt even aware my Netgear and DGTeam firmware supported VLAN's :S

paradigm · 22 Feb 2010 at 15:38

DJMK4 said:
I wasnt even aware my Netgear and DGTeam firmware supported VLAN's :S

It might not do, but certainly DD-WRT and Tomato do, so I can only assume.

Hodders · 22 Feb 2010 at 15:47

You would probably find this a lot simpler to set up using a router designed for SoHo use. My suggestion would be the Netgear DGFV338. Just one box that will do the IPsec VPN and all the Wan/Lan firewalling you may want.

DJMK4 · 22 Feb 2010 at 16:07

Hodders said:
You would probably find this a lot simpler to set up using a router designed for SoHo use. My suggestion would be the Netgear DGFV338. Just one box that will do the IPsec VPN and all the Wan/Lan firewalling you may want.

TBH the only reason im implementing a dedicated hardware firewall onto my network is because I aqquired a TZ150 through work, its just sitting at home at the moment doing nothing. I want to make use of it tbh, I know it can be done through the Netgear using the config I have above as have set-up a network with a similar set-up, only difference being no WLAN and my network has this.

My DG834GT has a built in firewall which I can leave turned on, or disable, but the firewall on the SonicWall is more advanced hence why im wanting to use the Sonicwall.