The SonicWALL TZ 210 / TZ 210 Wireless-N (Network Security Appliance) does not support the Windows Home Server automatic router configuration over UPnP standards. Given the relative complexity of the SonicWALL TZ 210 appliance we are illustrating a typical deployment with one public WAN IP address and segregated WLAN and LAN networks.
Manufacturer: SonicWALLModel: TZ-210 / TZ-210 Wireless-NFirmware Version: SonicOS Enhanced 5.3.0.0-16o
The SonicWALL TZ 210 adds high-performance dual GbE interfaces for WAN and primary LAN (independent or part of a configurable 5-port Fast Ethernet switch). We recommend connecting a GbE switch into the LAN port of the SonicWALL TZ 210 appliance.
a) For best performance, the Windows Home Server and clients should be connected to the 1000Mbps switch and not the configurable 5-port switch on the back of the SonicWALL appliance.
b) Open your web browser and navigate to http://192.168.168.168, the first time you log into the SonicWALL, the Setup Wizard is launched automatically.
c) Choose "Office Gateway" to provide secure access to wired and wireless users.
d) When using a PPPoE connection ensure the "Inactivity Disconnect" is not enabled.
e) Specify the SonicWALL LAN IP Address: "192.168.168.168" is the default used by SonicWALL. For the purpose of this wiki we are assigning the SonicWALL LAN IP Address of 10.0.0.168.
f) Configure the DHCP Server- be sure to exclude the SonicWALL's gateway address from the LAN Address Range.
g) Configure the WLAN Radio Settings (WLAN and LAN will be on separate networks).
h) Set the configurable 5-port Fast Ethernet switch to Default WAN/LAN Switch.
i) Apply the SonicWALL Configuration settings.
In the SonicOS, an Address Object is one of four object classes (Address, User, Service and Schedule). These Address Objects allow for entities to be defined one time, and to be re-used in multiple referential instances throughout the SonicOS interface.a) Open your browser and navigate to your SonicWALL LAN IP Address. Authenticate with the password information set during the Setup Wizard. Expand the Network node on the left hand side navigation menu and click on “Address Objects”.
b) Under the Address Object section, click on “Add..” and add the following Address Entry, where IP Address refers to the IP address we will assign to the Windows Home Server.
Name: HomeServerZone Assignment: LAN (The WHS is connected to the GbE switch on the LAN side)Type: HostIP Address: 10.0.0.1
a) Expand the Network node and click on “DHCP Server”.
b) Under DHCP Server Lease Scopes click on “Add Static” and reserve a IP address for your Windows Home Server based on the MAC Address. The static IP Address must be the same IP address assigned to your Windows Home Server address object during step 2.
c) Save and verify these settings are in effect before proceeding to the next step. If necessary reboot your Windows Home Server to obtain the reserved IP address over DHCP.
The Network Address Translation (NAT) engine in SonicOS Enhanced allows users to define granular NAT polices for their incoming and outgoing traffic. By default, the SonicWALL TZ 210 security appliance has a preconfigured NAT policy to allow all systems connected to the X0 interface to perform Many-to-One NAT using the IP address of the X1 interface, and a policy to not performNAT when traffic crosses between the other interfaces.
a) Expand the Network node and click on “NAT Policies”.
b) Add a new NAT Policy entry for HTTP (TCP 80)
c) Add a new NAT Policy entry for HTTPS (TCP 443)
d) Create a new NAT Policy entry for RWW (TCP 4125). The RWW service is not already defined under services, select "New Service" in the Original Service drop-down menu to create the RWW service entry. Then complete the NAT Policy entry using the RWW service definition.
a) Expand the Firewall node and click on the “Acces Rules” section. In the Access Rules matrix click on from WAN to LAN.
b) Add a new firewall rule for HTTP
c) Add a new firewall rule for HTTPS
d) Add a new firewall rule for RWW
By now you have already written the policies and rules needed so that outsiders can get to the Windows Home Server using its domain name (http://example.homeserver.com) or your public WAN IP. The Windows Home Server is really running on a private side server 10.0.0.1.Now imagine that you are a person using a laptop on the private side, with IP of 10.100.0.201 (Remember the SonicWALL SonicOS separates LAN and WLAN into different networks). You want to reach the server using its public name. If you sit on the private side and request http://example.homeserver.com , loopback is what makes it possible for that to work, even though the server is actually right next to you on a local IP address.
To configure loopback you need a custom NAT policy like this:Original Source: LAN SubnetsTranslated Source: WAN Primary IPOriginal Destination: WAN Primary IPTranslated Destination: HomeServerOriginal Service: AnyTranslated Service: OriginalInbound Interface: AnyOutbound Interface: Any
Configure IP Helper to allow WLAN to talk to the LAN (i.e. Laptop to talk to Windows Home Server).
a) Expand the Network node and click on the “IP Helper” section and configure the following IP Helper Policies:
b) Expand the Firewall node and click on the “Acces Rules” section. In the Access Rules matrix click on from WLAN to LAN and add a Firewall rule to allow WLAN -> LAN communications.
You cannot connect to a computer that is running Windows Home Server on a different subject then the computer that you are using. By default, the Windows Home Server built-in windows firewall is configured to accept connections only from computers that are on the same subnet.The SonicWALL TZ 210 Security Appliance segregates LAN and WLAN into different subnets. For the WHS to accept connections from computers that are on a different subnet – for example attempting to connect from the WLAN to the Windows Home Server connected to the LAN – you must configure the Windows Firewall to allow connections from the 10.1.1.x wireless WLAN to the LAN 10.0.0.x on the Windows Home Server computer.
All done! After you configured your SonicWALL TZ 210 / TZ 210 Wireless-N (Network Security Appliance) for Remote Access you should test the remote connectivity from within your home and from outside of your home.