[Turbanator]

Quote:

We're now moving to a much larger premises and have decided to invest in IT infrastructure, hope the price is continuing and no surprises in store when I ask for a quote

Yes, Sonicwall is competitive. Just ensure that you negotiate prices with 3 Year service subscription terms.

[Samurai]

I need a Firewall with Wifi at my home, so that I can access my office network over Wifi. However, I only have spare Sonicwall TZ105 and SOHO lying around the office, which don't have Wifi ability. Yes, I can connect a wifi router to it. But every wifi router I find in the local market have only routing mode and not bridging mode. I remember seeing wifi routers with bridge+route mode even a decade ago. But I don't see them at all these days.

Usually, a typical Wifi router has two networks, a WAN and a LAN. Since I am connecting the Wifi router to my Sonicwall firewall, the WAN is already a LAN. I don't need another LAN. So I want Wifi router to be setup as a bridge, that means a single LAN.

Just to be clear, I am not trying to connect two wifi routers in bridge mode. Instead, I am trying to create a wireless bridge using a single wifi router. I know I can overwrite the router firmware with DD-WRT and get the bridge mode. But I am keeping that as last resort.

Are there any wifi routers available in India with bridge mode?

[Samurai]

Oh, I found the solution. The bridge mode is same as AP or Access Point Mode. I just need to buy a wifi router with AP mode. Then I have quite a bit of choice.

[Traveler]

Actually you can buy any off the shelf wifi route and configure it just for the wifi part. You will then need to connect one of the LAN ports behind the wifi router to the Sonicwall LAN ports. Finally disable the inbuilt dhcp server on the wifi router so that the Sonicwall can act as the default gateway and dhcp server. Leave the WAN port of the wifi router unplugged. This works with most TP-Link routers. If you need any help just send me a PM and I can help you set it all up.

[Samurai]

Quote:

Originally Posted by Traveler

You will then need to connect one of the LAN ports behind the wifi router to the Sonicwall LAN ports. Finally disable the inbuilt dhcp server on the wifi router so that the Sonicwall can act as the default gateway and dhcp server. Leave the WAN port of the wifi router unplugged.

Oh, yeah. That's very clever. Just treat it like a dumb Ethernet switch. I got it, that makes it very simple.

Quote:

Originally Posted by Traveler

If you need any help just send me a PM and I can help you set it all up.

Thanks, I think I can manage the rest, I wear a network engineer hat whenever required.

[Traveler]

You are welcome. I have configured wifi routers like i explained many times to extend coverage in large spaces and it works perfectly.

Just one more thing, in the Wan connection type option just choose the "Disabled" option or if there is no such option then leave it as it is. With the Wan port disabled it will function just as a wireless switch.

Never thought my past experiences in running an ISP would be useful at Team-BHP, but who knew 😀

[Samurai]

Quote:

Originally Posted by Traveler

Never thought my past experiences in running an ISP would be useful at Team-BHP, but who knew 😀

We have all kinds complex technology threads on TeamBHP.

1) Check out how I learned to setup a wifi bridge over 760 meters back in 2007. It is still working after 11 years.
2) How to terminate E1 PRI.

[Traveler]

Quote:

Originally Posted by Samurai

We have all kinds complex technology threads on TeamBHP.

1) Check out how I learned to setup a wifi bridge over 760 meters back in 2007. It is still working after 11 years.
2) How to terminate E1 PRI.

Wow, thanks. I will go through the links. Great to know the diversity of this forum, never out of surprises.

[Samurai]

I have a firewall question, after a long time. As everyone is working form home, I used to give a SonicWALL SOHO or TZ105 for their home, so that they can be on site-to-site VPN for their multiple devices (PC/Laptop/IP phones). Just found out that even SOHO is discontinued. The SOHO used to be 17.5 + GST last time I bought. The cheapest option now is SOHO 250, which is 2.3 times more expensive than the older model. That rules out giving SOHO 250 to each employee.

Frankly, I don't need to give a full blown sonicwall appliance to each WFH employee.

What inexpensive home based VPN appliance is available than can be used for connecting to office Sonicwall device? Preferably site-to-site VPN. The office Sonicawall supports L2TP, which a legacy protocol I rather not use.

I am avoiding software VPNs like Global VPN Client and NetExtender/Mobile Connect because of multiple device requirement.

Edit: Of course, I can buy a Raspberry Pi and install PFSense on it.... that would be a DIY.

Edit2: This one from Linksys looks like is a good option.

[Samurai]

I ordered the Linksys LRT224 Dual WAN Business Gigabit VPN Router, it was available from my local vendor for 16.5K, that's a good price.

[Turbanator]

Quote:

Originally Posted by Samurai

Frankly, I don't need to give a full blown sonicwall appliance to each WFH employee.

What are your views on the Microsoft inbuilt VPN? We log into Azure via Sonic at offices but for WFH laptops, have configured Microsoft VPN.

[Samurai]

Quote:

Originally Posted by Turbanator

What are your views on the Microsoft inbuilt VPN? We log into Azure via Sonic at offices but for WFH laptops, have configured Microsoft VPN.

Well, since you mention Sonicwall, You probably are using the this software from the Microsoft store, or something similar.



Well, it is very similar to using a sonicwall appliance, but with some difference.

1) Only your laptop can talk to you Azure cloud. An hardware appliance will allow multiple devices the same privilege. Some companies don't want to allow that.
2) The software VPN allows Sandboxing, shuts off the laptop from every other network. I actually hate it.

[Turbanator]

Quote:

Originally Posted by Samurai

You probably are using the this software from the Microsoft store, or something similar.

Yes, this and default windows VPN for Azure. For WFH, it works well for VOIP over the computer, ERP or any such similar application.

But if you have a physical VOIP phone, this may not be useful and you will need to have a device.

In any case, I am the last person who can suggest you something on the subject given your expertise in the field

[fine69]

I have an office desktop on which I want to restrict the staff's internet access to only the accounting software and nothing else.

I mean the basic windows update, antivirus etc. could also have net access but I don't want them to be using any browser etc. for net surfing.

I researched online and there's policy that I can define at server level but here these desktops aren't part of any network. These are standalone desktops with genuine Windows 10, genuine Microsoft Office and accounting software only.

I tried the tricks around blocking ports but either nothing was working or everything was working i.e. had internet access.

I'm now out of options, please suggest bhpians!

[lxskllr]

How about setting up a basic user profile and one admin. You uninstall the browser applications (internet explorer, edge, chrome) on the basic user profile and hand over this to your employee? If the employee tries to install any applications it will prompt for admin rights. Next, also setup windows firewall to only give access to those apps you allow for.

This may not be fool proof, but commenting to know the solution as well!