Well, I just picked up a TZ170 (since I couldn't get the power-supply-fried one from Meatballman to work) and I'm messing with it. I like its user interface, and even if the default settings might not be ideal, at least there is a large array of powerful settings, and what they're all set to is very clear. So for someone who knows what they're doing, that's a good thing.
Now. About the "knows what they're doing" part... I've never actually done this before. *gasp*
I'm trying to do the idea you suggested earlier in the thread: Making this SonicWall be purely a dedicated VPN endpoint sitting in a DMZ on the LAN.
I have a couple rather silly basic questions about how to do that, exactly. I wonder if anyone knows the answers to these questions.
The first question is physical connections:
My internet gateway has only a WAN port and a few LAN ports. (No dedicated DMZ port.) Its connections currently go like this:
ADSL Line -> internet gateway WAN port -> Gateway box -> Gateway LAN port -> the hub for the internal company LAN.
So when I plug this new VPN router in, do I run one cable from its WAN port into the hub, and also run one cable from one of its LAN ports into the same hub?
The second question is addressing:
I can set up the VPN router with a WAN address and a gateway on its WAN side. Let's say that my existing internet gateway has a public-facing WAN IP address of 69.125.107.154, and that my DSL provider gives us a pool of 5 static IP addresses and I want to use the next address in the pool, 69.125.107.155, as the DMZ address, having all traffic directed to that address get sent to the VPN router.
So do I tell the VPN router that its WAN address is 69.125.107.155 with a gateway of 69.125.107.154?
Or, since the VPN appliance is actually internal to the network, should those be set to *internal* addresses in the 192.168.x.x range?