# sonicwall settings



## Sandkid (Sep 21, 2012)

I don't have the model of my sonicwall device, but here is what I'm trying to do. I recently took over the job of managing a wifi system for the RV park I live in. No one had the password to the sonicwall, so I had to reset it. We have a T1 line for internet. It goes to the sonic wall, then out to the wifi router.

We have a static IP coming in. It uses the subnet mask 255.255.255.252. 

I think that the sonicwall used the static IP for the WAN, then used 192.168.89.5 for the LAN, with subnet of 255.255.255.0. This is how I set it up after the reset.

The wifi router uses 192.168.89.5 as WAN, and assigns 192.168.17.1/255 out to the wifi users.

I used to connect to the wifi router (from outside the system) by typing in the static IP: xxx.xxx.xx.x:3456/ADMIN/INDEX.HTM . Since I reset the sonicwall, I haven't been able to log in, and can't figure out what settings to use. Internally, I logged in using 192.168.89.5:3456/ADMIN/INDEX.HTM. This also doesn't work. Ironically, both the wifi and hardwired computers all have internet (for now).

I know enough about this to scare most people, meaning not too much. I know that I'm missing something. Any suggestions would be appreciated!

-Wes-


----------



## Wand3r3r (Sep 17, 2010)

Welcome to TSF!

The sonicwall lan and wifi router wan can not be the same ip address.
You can never have the same ip address on two devices in the same lan.
Since it is working this information must be incorrect.

You would logon to the router via what your pc has listed for gateway.
You would logon to the soniceway by what is listed for gateway on the wan port of the wifi router.

You would only use the sonicwalls wan ip address if accessing via the internet remotely which can only be done after you enabled remote management in the sonicwall.
This is not advisable for you to do as it poses a security risk.


----------



## Sandkid (Sep 21, 2012)

Wand3r3r said:


> Welcome to TSF!
> 
> The sonicwall lan and wifi router wan can not be the same ip address.
> You can never have the same ip address on two devices in the same lan.
> ...


I am a little confused. Right now, the incoming internet flow goes MODEM -> SONICWALL-> WIFI ROUTER-> USERS.

IP's are: Modem: 72.11.xx.202 -> Sonicwall: Wan 72.11.xx.202 / Lan 192.168.89.5 -> WiFi: Wan 192.168.89.5 / Lan 192.168.17.1-255

I thought that the flow had to go through the sonicwall this way: in the Wan and out the Lan, then the same for the WiFi router - in the Wan and out the Lan. If this is wrong, can you give me an example using actual addresses? Then with a little luck, I will be able to get everything working properly.

Also, I have never tried to access the sonicwall remotely. I do have to access the WiFi router remotely and internally. This has been working for the past 2 or 3 years, then the modem died. When it was replaced last week, nothing has worked correctly. Since no one had the password to the sonicwall, I reset it. Now I am trying to figure out how it was set up.

I really appreciate the help!

-Wes-


----------



## Wand3r3r (Sep 17, 2010)

Here would be an example of correct ip addressing

cable modem [192.168.100.1]<>sonicwall wan [72.11.xx.202]sonicwall lan [192.168.89.*5*]<>wifi router wan [192.168.89.*6*] wifi router lan [192.168.17.1]

wifi router dhcp server would have a scope of 192.168.17.2-254. You would not include .1 since it is assigned to the router.

You can not use 0 or 255 for last octet ips since one is the network id and the other is the broadcast id.

You can not have the same ip address on wan and lan as per your example of what is between the sonicwall and wifi router.

Once you have everything configured properly you need to turn off the dhcp server on the sonicwall. The wifi routers wan port should have a static ip assigned.


----------



## Sandkid (Sep 21, 2012)

Okay, I think I have it straight. I don't have a cable modem - it is a T-1 modem, but that shouldn't matter. I do remember that the wifi router uses .2-.254, so that should also be okay.

You mentioned turning off the dhcp server on the sonicwall. I see a screen called DHCP Server Settings. I can uncheck the box for "Enable DHCP Server". Do I want to check the box for "Allow DHCP Pass Through"?

To log into the wifi router, I need to have port 3456 open. That is the last step (I hope). Am I correct in assuming that this must be done in the sonicwall? I looked around at most of the menus, but am not sure how this is done. I have a sonicwall TZ 180 Wireless.

Once again, I really appreciate your help!

-Wes-


----------



## TheCyberMan (Jun 25, 2011)

Connect ethernet cable from modem to sonic wall WAN port.
On the sonicwall WAN setting set it to static ip.

set ip address: 72..11.xx.202
Subnet mask: 255.255.255.252
Gateway: Supplied by your ISP
Primary DNS: Supplied by your ISP
Secondary DNS: Supplied by your ISP

Sonicwall Lan IP address: 192.168.89.5

Wi-fi router WAN settings set to static ip.

Ip Address: 192.168.89.6
Subnet mask: 255.255.255.0
Gateway: 192.168.89.5
Primary DNS: Supplied by ISP
Secondary DNS: Supplied by ISP

Disable DHCP server on sonicwall Lan.


----------



## Sandkid (Sep 21, 2012)

Thanks, CyberMan. I have that part. I am trying to figure out how to open a port so I can log into the WiFi router both remotely, and from within the WiFi network. 

This setup has been working for several years. The problem arose when the T-1 modem died. I would have thought that the settings in the SonicWall would have remained the same. When the modem was replaced, I couldn't get internet access to the WiFi. So I reset the Sonic Wall. I have the internet part working fine. Remotely, I used to log into the WiFi by going to http://72.11.xx.202:3456/ADMIN/INDEX.HTM . Now, I can't do that. Nor can I log in internally, which was http://192.168.89.5:3456/ADMIN/INDEX.HTM . These url's, as well as the static IP from our ISP and settings for the WiFi router are the only things I know for sure. I have never seen the settings inside the SonicWall.

I have everything set up as you indicated, yet I can't log into the WiFi router. I assume that it is because the 3456 port isn't open. Any suggestions?

Thanks!


----------



## TheCyberMan (Jun 25, 2011)

You will need to create a service object for the TCP port 3456.

Create an address object for the wifi-router using the 192.168.89.6 address for it's WAN port.

You will need to create a NAT policy.

Source: Any( you can change this to a specific static ip if you have one or hostname if created in address objects with the relevant info)
Translated Source: Original
Destination: WAN Primary IP
Translated Destination: 192.168.89.6(or hostname you gave it in address objects)
Service: 3456(or service name you gave it)
Translated service: Original

Inbound interface: X1
Outbound interface: any

Place a checkmark in enable NAT policy

Click ok.

Create NAT policy for internal sonicwall computers to have remote access.

source: Firewalled Subnets
Translated source: WAN Interface IP
Destination: WAN Interface IP
Translated Destination: Any( you can specify individual computers or a group of computers here)
Service: 3456
Translated service: Original

Inbound Interface: Any
Outbound Interface: Any

Place a checkmark to enable NAT policy

Click ok.

Create firewall rule.

Create a WAN to Lan rule.

Check Allow.

Service: 3456(or service name)
Source: Any(specify individual computer or a group of computer address objects here to lock down access to specific devices).
Destination: WAN Interface IP

Click ok.

Restart sonicwall.

Forward port 3456 in the wi-fi router to it's Lan ip Address.


----------



## Sandkid (Sep 21, 2012)

Your instructions appear to be very concise, but I can't find anywhere to do any of the steps. Maybe the problem is with the OS - I only have SonicOS Standard. I can find references to some of your steps in SonicOS Enhanced. I am not an advanced user / programmer. Or maybe these steps are for another model?


----------



## TheCyberMan (Jun 25, 2011)

They are for sonicwall enhanced firmware but should be the same.


----------



## 2xg (Aug 5, 2009)

Hello,

In addition....I am sure that you have a support agreement with Sonicwall if not there's no way that you'll be able to do firmware updates. Their support is very helpful and I've learned so much from them. I've called them countless of times before and they were able to guide me step by step, they can also do a remote access in your computer.

Just my thoughts and to save you some headaches. :grin:


----------



## Sandkid (Sep 21, 2012)

I don't have a support agreement. I am not sure how old this firewall is, but when I tried to register it, I received the message that the serial number wasn't found. Not good! I sent their support a message to see what could be done. I would like to upgrade the OS to the Enhanced, if possible. Otherwise, I will have to figure out a work-around to get the port opened again. It was working before, so there must be a way to do it again. 

As to the headaches, well, I have had a nice one for several days now!


----------



## 2xg (Aug 5, 2009)

With any sonicwall devices a support agreement is needed for the firmware update. Perhaps the answer to your concern might have been installing a new firmware. Have you also tried resetting your device to the factory default, make sure to back up the current setting first.

Also, please check out this link on how to convert SonicOS Standard to Enhanced. Your call...I hope all goes well.


----------



## TheCyberMan (Jun 25, 2011)

The link below is for sonic wall OS standard for connecting to a internal server but you can use the settings from my post for setting the NAT policy and firewall rule and modify.

UTM: How to map a unique public IP address (1-2-1 Nat) to a Internal Server's Private IP in SonicOS ...

*Edit:* Speaking to sonicwall and getting a subscription so you can have the enhanced OS firmware would be more secure and give greater control follow 2xg's advice and use the above as temporary fix.


----------

