Also look at the Fortigate 50 series...

*ASB*
*http://about.me/Andrew.S.Baker*
*Harnessing the Advantages of Technology for the SMB market…*

On Wed, Aug 3, 2011 at 3:53 PM, David Lum <[email protected]> wrote:

> Nice, looks like the SSG5 fits the bill. Looks like Watchguard XTM2 lives
> in the same space.
>
> Now that I think about it, in this same office are 4 different companies
> (most sized 2 employees) each with a Linksys doing much the same thing I’m
> trying to do with this WLAN. I’d bet the right firewall would allow me to
> eliminate all those Linksys devices, right?
>
> Use the Dell switch, have the firewall be promiscuous and VLAN off the
> various ports so they can only see the firewall as well as get DHCP from it.
>
> Amirite?
>
> Dave
>
> *From:* Paul Hutchings [mailto:[email protected]]
> *Sent:* Wednesday, August 03, 2011 11:41 AM
> *To:* NT System Admin Issues
> *Subject:* RE: VLAN N00b
>
> FWIW I think the Juniper SSG5's are perfect for most needs and they're dirt
> cheap too.
>
> They should do what you need if you do go down that route.
>
> If not, assuming you can VLAN or zone off ports on the Sonicwall or do
> something to keep the Guest and LAN traffic separate, as others have said
> either chop in the AP or buy a dirt cheap router and connect it to the guest
> VLAN just to use its DHCP server functionality.
> ------------------------------
>
> *From:* David Lum [[email protected]]
> *Sent:* 03 August 2011 6:58 PM
> *To:* NT System Admin Issues
> *Subject:* RE: VLAN N00b
>
> Their SonicWALL is old (SOHO3!) and I have - previous to this latest work -
> talked them into upgrading but I just haven’t done it (it’s one of my
> clients I can go 3 months w/out being onsite, and it just slipped through
> the cracks). This looks like a good time to revisit and add a new
> requirement to the firewall capabilities…
>
> Dave
>
> *From:* Kennedy, Jim [mailto:[email protected]]
> *Sent:* Wednesday, August 03, 2011 10:36 AM
> *To:* NT System Admin Issues
> *Subject:* RE: VLAN N00b
>
> Send it back and get one that does, or put something in the ‘new’ network
> that will do the dhcp for you. Will the Sonic do dhcp on just one interface
> perhaps? I really think this direction is the cleanest and easiest to do.
>
> *From:* David Lum [mailto:[email protected]]
> *Sent:* Wednesday, August 03, 2011 1:21 PM
> *To:* NT System Admin Issues
> *Subject:* RE: VLAN N00b
>
> I thought of that, but this AP doesn’t have the capability to be a DHCP
> server.
>
> Dave
>
> *From:* Kennedy, Jim [mailto:[email protected]]
> *Sent:* Wednesday, August 03, 2011 9:57 AM
> *To:* NT System Admin Issues
> *Subject:* RE: VLAN N00b
>
> Are only non-company assets going to use this AP? If yes read on, otherwise
> hit delete.
>
> Since it is a small environment with only one AP, set the AP up as its own
> DHCP server….put it on its own physical and logical network and drop
> another port in the Sonic Firewall and just route them straight out to the
> internets….
>
> *From:* David Lum [mailto:[email protected]]
> *Sent:* Wednesday, August 03, 2011 10:27 AM
> *To:* NT System Admin Issues
> *Subject:* VLAN N00b
>
> So…I bought a wireless AP and it looks like I get to delve into learning a
> little VLANing.
>
> Environment:
>
> DNS, DHCP server (2003 SBS server, Domain controller)
> Second DC (2003 R2 Server)
> SonicWall Firewall
> Dell PowerConnect 3448
> 17 Domain PCs
> HP M110 Wireless AP with non-domain PCs using this to get to the Internet.
>
> Desired result for WLAN clients:
>
> · Able to get to the Internet, but not be able to see any domain
>   systems.
> · DNS configured to non-domain server (SonicWall would be OK)
>
> I can VLAN with the PowerConnect and make it so that AP can only get to the
> firewall, but my issue then is how will any clients get assigned an IP
> address. I can configure the Sonicwall to hand out IPs but then I lose
> control of IPs (reservations, etc) from the SBS system.
>
> It looks like I should divorce DHCP from the SBS server and put it on the
> 2nd DC and allow the AP to see the one DC and the Sonicwall.
>
> Here’s a document I found helpful:
>
> http://www.dell.com/downloads/global/products/pwcnt/en/howto_config_private_vlans.pdf
>
> From that, the SBS server and all domain PCs would be in Community 10
> The AP would be in Community 11
> The firewall and 2nd DC (now doing DHCP) would be promiscuous. Is that too
> big of a risk? The HP110 can do RADIUS and I did install that capability on
> the 2nd DC but I don’t really know what I’m doing here.
>
> This would get me close to my desired result. Can RADIUS be used to
> conditionally hand out IP addresses? What would be nice is the ability to
> have it so VLAN1 (Community 10 in the diagram) gets some IP settings, VLAN2
> (Community 11) gets others – namely a different DNS server.
>
> All thoughts and comments welcome.
>
> *David Lum*
> Systems Engineer // NWEATM
> Office 503.548.5229 // Cell (voice/text) 503.267.9764
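
Added example, not part of any message in the thread: a small Python model of the standard private VLAN forwarding rules, applied to the Community 10 / Community 11 / promiscuous layout proposed in the original post, to show which domain systems the AP can still reach at layer 2. The port names and the second layout (firewall serving DHCP to the WLAN, 2nd DC moved into Community 10) are assumptions made for this sketch.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Port:
    name: str
    mode: str                        # "promiscuous", "community" or "isolated"
    community: Optional[int] = None  # secondary VLAN id for community ports
    domain: bool = False             # True for domain systems the WLAN must not see

def can_talk(a: Port, b: Port) -> bool:
    """Private VLAN layer-2 forwarding rule between two ports."""
    if "promiscuous" in (a.mode, b.mode):
        return True                  # promiscuous ports reach every port
    if a.mode == b.mode == "community":
        return a.community == b.community
    return False                     # isolated port, or different communities

def reachable(ports, src_name):
    src = next(p for p in ports if p.name == src_name)
    return {p.name for p in ports if p is not src and can_talk(src, p)}

def domain_exposure(ports, src_name):
    """Domain systems that src can still reach at layer 2."""
    names = reachable(ports, src_name)
    return {p.name for p in ports if p.domain and p.name in names}

# Layout proposed in the thread (port names are made up for this sketch).
THREAD_LAYOUT = [
    Port("sbs", "community", 10, domain=True),
    Port("domain-pc", "community", 10, domain=True),
    Port("ap", "community", 11),
    Port("firewall", "promiscuous"),
    Port("dc2", "promiscuous", domain=True),   # second DC, doing DHCP
]

# Assumed alternative: firewall serves DHCP to the WLAN; dc2 joins Community 10.
FIREWALL_DHCP_LAYOUT = [
    Port("sbs", "community", 10, domain=True),
    Port("domain-pc", "community", 10, domain=True),
    Port("dc2", "community", 10, domain=True),
    Port("ap", "community", 11),
    Port("firewall", "promiscuous"),
]

if __name__ == "__main__":
    for label, layout in (("thread", THREAD_LAYOUT), ("firewall DHCP", FIREWALL_DHCP_LAYOUT)):
        print(label, "AP reaches:", sorted(reachable(layout, "ap")),
              "domain exposure:", sorted(domain_exposure(layout, "ap")))
```

The model covers only port-to-port forwarding inside the private VLAN; what the firewall routes between networks is a separate policy.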
