moreplovac (Aspirant)
Oct 23, 2024
RAX30 in AP mode and Palo Alto firewall setup
Hello,
Wondering if anyone has experience setting up a RAX30 in AP mode connected to a Palo Alto firewall.
There is a PA article explaining it (and using a VLAN to connect the WiFi device), but I would like to see if there is any other option available.
This can be any other firewall vendor, not just PA.
Appreciate any assistance.
4 Replies
You'll need to make contact with the Mfr of that firewall for their help and support with their product.
Here is the article for configuring the RAX for AP mode:
https://kb.netgear.com/20927/How-do-I-change-my-NETGEAR-router-to-AP-mode
moreplovac wrote:
There is a PA article explaining it (and using a VLAN to connect the WiFi device), but I would like to see if there is any other option available.
Is this the Palo Alto: https://www.paloaltonetworks.com/network-security/next-generation-firewall ?
It would help to have a link to that article.
Netgear customers have connected almost every model of WiFi router to network firewall devices.
- When left in the default 'router mode', the Netgear device functions normally, with the obvious limitation that it creates a LAN separate from the primary network. If there is no need for devices connected to the Netgear router to communicate with devices on the primary network, "job done".
- If there is a need to have devices connected to the Netgear router communicate with devices on the primary network, the solution is to place the Netgear router in 'access point mode' (AP mode), which means that the primary network DHCP server will provide IP addresses to devices connected to the Netgear router. There is no need for any sort of VLAN. (I think you will find that in AP mode, VLAN options are not available because the device is no longer performing Network Address Translation (NAT).)
- moreplovac (Aspirant)
Thank you for your reply; I find it easier to just use the router in router mode, connect the Internet port to the firewall's available port, set up an IP on the firewall port and make sure all policies are up to date.
So my setup looks like this:
RAX30 WAN port (10.1.1.222/25, GW 10.1.1.1) ---->>---- PAN Eth3 (IP assigned 10.1.1.1), in zone WIFI; added to default router. Sec policies configured accordingly. NAT policy uses the same Internet-facing IP as PAN's WIRED zone.
RAX30 (WIFI) IP 192.168.1.1, clients are getting IPs from DHCP range 192.168.1.2-50.
No issues with internet access.
Thank you again for comments.
I neglected to mention one other consideration: the dreaded "Double NAT".
There are specific applications which suffer when the user has connected two 'routers' together. Both routers perform Network Address Translation on connections, which makes connecting TO a device on the second router much more complicated. (Internet search will provide lots of examples.) These specific applications include things like hosting a server for access from the internet, accessing the LAN from the internet using OpenVPN, certain types of internet gaming, etc.
As long as these WiFi devices are not attempting to use those specific applications, there should be no problem.
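The addressing posted in this thread, run through a small topology check (an added example, not part of the original thread; the /24 mask on the RAX30 LAN and all function names are assumptions). It reports the double NAT described above, whether the WAN gateway is on-link for the mask as written, and which source address the firewall sees for WiFi clients.

```python
import ipaddress

# Address space that is never routed on the public Internet, so a WAN
# address inside it means another NAT device sits upstream.
NON_PUBLIC = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

def audit_cascade(wan_cidr, wan_gateway, lan_cidr):
    """Return findings for a router-mode device cascaded behind a firewall."""
    wan = ipaddress.ip_interface(wan_cidr)
    lan = ipaddress.ip_interface(lan_cidr)
    gw = ipaddress.ip_address(wan_gateway)
    findings = []
    if any(wan.ip in net for net in NON_PUBLIC):
        findings.append("double-nat")           # upstream device translates again
    if gw not in wan.network:
        findings.append("gateway-off-subnet")   # gateway not on-link for this mask
    if wan.network.overlaps(lan.network):
        findings.append("wan-lan-overlap")      # router cannot route between them
    return findings

def source_seen_by_firewall(client_ip, wan_cidr, lan_cidr):
    """Source IP the upstream firewall logs for a client on the inner LAN.

    In router mode the inner device source-NATs every LAN client to its WAN
    address, so firewall policy and logs cannot tell WiFi clients apart.
    """
    lan = ipaddress.ip_interface(lan_cidr).network
    if ipaddress.ip_address(client_ip) in lan:
        return str(ipaddress.ip_interface(wan_cidr).ip)
    return client_ip  # not behind the inner router: seen unchanged

if __name__ == "__main__":
    # Values from the thread; the LAN /24 is an assumed mask.
    wan, gw, lan = "10.1.1.222/25", "10.1.1.1", "192.168.1.1/24"
    print(audit_cascade(wan, gw, lan))
    print(source_seen_by_firewall("192.168.1.20", wan, lan))
```

In AP mode the second function's translation disappears: clients take addresses from the primary network's DHCP server and the firewall sees each one individually.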