NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

moreplovac's avatar
moreplovac
Aspirant
Oct 23, 2024
Solved

RAX30 in AP mode and Paloalto firewlal setup

Hello,   wondering if anyone has experience setting up RAX30 in AP mode connected to PAloalto firewall. There is a PA article explaining it (and use VLAN to connect wifi device) but would like to ...
  • moreplovac's avatar
    moreplovac
    Oct 23, 2024

    Thank you for your reply; i find it more easily to just use router in router mode, connect Internet port to firewall' available port, setup IP on firewall port and make  sure all policies are up to date. 

     

    So my setup looks like this:

    RAX30 WAN port (10.1.1.222/25, GW 10.1.1.1) ---->>---- PAN Eth3 (IP assigned 10.1.1.1), in zone WIFI; added to default router. Sec policies configured accordingly. NAT policy use the same Internet facing IP as PAN' WIRED zone. 

     

    RAX30 (WIFI) IP 192.168.1.1, clients are getting IPs from dhcp range 192.168.1.2-50.

     

    No issues with internet access.

     

    Thank you again for comments.

     

     

     

     

     

moreplovac's avatar
moreplovac
Aspirant
Oct 23, 2024

Thank you for your reply; i find it more easily to just use router in router mode, connect Internet port to firewall' available port, setup IP on firewall port and make  sure all policies are up to date. 

 

So my setup looks like this:

RAX30 WAN port (10.1.1.222/25, GW 10.1.1.1) ---->>---- PAN Eth3 (IP assigned 10.1.1.1), in zone WIFI; added to default router. Sec policies configured accordingly. NAT policy use the same Internet facing IP as PAN' WIRED zone. 

 

RAX30 (WIFI) IP 192.168.1.1, clients are getting IPs from dhcp range 192.168.1.2-50.

 

No issues with internet access.

 

Thank you again for comments.

 

 

 

 

 

  • CrimpOn's avatar
    CrimpOn
    Guru - Experienced User
    Oct 23, 2024

    I neglected to mention one other consideration: the dreaded "Double NAT".

     

    There are specific applications which suffer when the user has connected two 'routers' together.  Both routers perform Network Address Translation on connections, which makes connecting TO a device on the second router much more complicated.  (Internet search will provide lots of examples.)  These specific applications include things like hosting a server for access from the internet, accessing the LAN from the internet using OpenVPN, certain types of internet gaming, etc.

    As long as these WiFi devices are not attempting to use those specific applications, there should be no problem.