SonicWall access LAN via SonicPoint wireless Access point
SonicWall doesn’t want you to access your LAN via a SonicPoint wireless access point, but they don’t tell you that. You might be expecting to be able to access your LAN after you’ve connected and set up your SonicPoint. Even though you can reach the Internet, you’ll discover that LAN access is elusive. Configuring access rules and Zones and Guest Services doesn’t help. Apparently the way SonicWalls are designed to operate is to allow Internet Access, but to deny LAN access. Anyone who wants LAN access via internal wireless will have to use a VPN. This can be a real pain, but is definately more secure.
Here are quick and dirty instructions on how to get your Sonicpoint WLAN network to communicate with your LAN. Be aware that this weakens the security for this connection. This assumes that you already have the SonicPoint connected and set up, and can access the internet through it.
- Login to your Sonicwall via browser, then change the address from https://192.168.1.1/main.html to https://192.168.1.1/diag.html (caution! Diagnostic Mode)
- Choose “Internal Settings” on the left side of the page.
- Three quarters of the way down you will see the “Wireless Settings” section. Under that check the setting ”Enable Local Wireless Zone Traffic To Bypass Gateway Firewalling”, and then click “Accept”
- Go back to “main.html”.
- Under Network section, go to “Zones”
- In the WLAN Zone, under the General tab, make sure that “Allow Interface Trust” is checked
- Under the Wireless Tab, uncheck “Only allow traffic generated by a Sonicpoint/SonicpointN” and check “Enforce local wireless zone traffice to bypass gateway firewalling”, and then click OK.
- Under the Network section, go to Interfaces, and Configure the interface for the Sonicpoint.
- Change the Zone to “WLAN”, if it is not already
- Change the IP Assignment to “Layer 2 Bridged Mode”
- Change “Bridged To” to “X0” or whatever your LAN is.
This will cause the Sonicpoint to reboot. Once you connect to it again, you should be able to access your local LAN resources.