Well, I just picked up a TZ170 (since I couldn't get the power-supply-fried one from Meatballman to work) and I'm messing with it. I like its user interface, and even if the default settings might not be ideal, at least there is a large array of powerful settings, and what they're all set to is very clear. So for someone who knows what they're doing, that's a good thing.

Now. About the "knows what they're doing" part... I've never actually done this before. *gasp*

I'm trying to do the idea you suggested earlier in the thread: Making this sonicwall be purely a dedicated VPN endpoint sitting in a DMZ on the LAN.

I have a couple rather silly basic questions about how to do that, exactly. I wonder if anyone knows the answers to these questions.

The first question is physical connections:

My internet gateway has only a WAN port and a few LAN ports. (No dedicated DMZ port.) Its connections currently go like this:

ADSL Line -> internet gateway WAN port -> Gateway box -> Gateway LAN port -> the hub for the internal company LAN.

So when I plug this new VPN router in, do I run one cable from its WAN port into the hub, and also run one cable from one of its LAN ports into the same hub?

The second question is addressing:

I can set up the VPN router with a WAN address and a gateway on its WAN side. Let's say that my existing internet gateway has a public-facing WAN IP address of 69.125.107.154, and that my DSL provider gives us a pool of 5 static IP addresses and I want to use the next address in the pool, 69.125.107.155, as the DMZ address, having all traffic directed to that address get sent to the VPN router.

So do I tell the VPN router that its WAN address is 69.125.107.155 with a gateway of 69.125.107.154?

Or, since the VPN appliance is actually internal to the network, should those be set to *internal* addresses in the 192.168.x.x range?
_________________________
Tony Fabris