RAX30 in AP mode and Palo Alto firewall setup

moreplovac
Aspirant

Hello,

Wondering if anyone has experience setting up RAX30 in AP mode connected to a Palo Alto firewall.

There is a PA article explaining it (and use VLAN to connect wifi device) but would like to see if there is any other option available.

This can be any other firewall vendor, not just PA.

Appreciate any assistance.

Message 1 of 5

All Replies
FURRYe38
Guru

Re: RAX30 in AP mode and Palo Alto firewall setup

You'll need to make contact with the Mfr of that firewall for their help and support with their product.

Here is the article for configuring the RAX for AP mode:

https://kb.netgear.com/20927/How-do-I-change-my-NETGEAR-router-to-AP-mode

Message 2 of 5
CrimpOn
Guru

Re: RAX30 in AP mode and Palo Alto firewall setup


@moreplovac wrote:

There is a PA article explaining it (and use VLAN to connect wifi device) but would like to see if there is any other option available.


Is this the Palo Alto: https://www.paloaltonetworks.com/network-security/next-generation-firewall ?

It would help to have a link to that article.

Netgear customers have connected almost every model of WiFi router to network firewall devices.

  • When left in the default 'router mode', the Netgear device functions normally, with the obvious limitation that it creates a LAN separate from the primary network. If there is no need for devices connected to the Netgear router to communicate with devices on the primary network, "job done".
  • If there is a need to have devices connected to the Netgear router communicate with devices on the primary network, the solution is to place the Netgear router in 'access point mode' (AP mode), which means that the primary network DHCP server will provide IP addresses to devices connected to the Netgear router. There is no need for any sort of VLAN. (I think you will find that in AP mode, VLAN options are not available because the device is no longer performing Network Address Translation (NAT).)

Message 3 of 5
moreplovac
Aspirant

Re: RAX30 in AP mode and Palo Alto firewall setup

Thank you for your reply; I find it easier to just use the router in router mode, connect the Internet port to the firewall's available port, set up an IP on the firewall port and make sure all policies are up to date.

So my setup looks like this:

RAX30 WAN port (10.1.1.222/25, GW 10.1.1.1) ---->>---- PAN Eth3 (IP assigned 10.1.1.1), in zone WIFI; added to default router. Sec policies configured accordingly. NAT policy uses the same Internet-facing IP as PAN's WIRED zone.

RAX30 (WIFI) IP 192.168.1.1, clients are getting IPs from DHCP range 192.168.1.2-50.

No issues with internet access.

Thank you again for comments.

Message 4 of 5 (accepted solution)
CrimpOn
Guru

Re: RAX30 in AP mode and Palo Alto firewall setup

I neglected to mention one other consideration: the dreaded "Double NAT".

There are specific applications which suffer when the user has connected two 'routers' together.  Both routers perform Network Address Translation on connections, which makes connecting TO a device on the second router much more complicated.  (Internet search will provide lots of examples.)  These specific applications include things like hosting a server for access from the internet, accessing the LAN from the internet using OpenVPN, certain types of internet gaming, etc.

As long as these WiFi devices are not attempting to use those specific applications, there should be no problem.

Message 5 of 5
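A consistency check of the addressing posted in message 4 and of the double NAT raised in message 5, as an added example that is not part of any post in this thread. The /24 mask on the RAX30 LAN and the PAN's Internet-facing address (203.0.113.10, a documentation-range placeholder) are assumptions, since the posts do not give them.

```python
import ipaddress

# Addresses as posted in message 4; values marked "assumed" are not in the thread.
RAX30_WAN = ipaddress.ip_interface("10.1.1.222/25")
RAX30_WAN_GW = ipaddress.ip_address("10.1.1.1")        # PAN Eth3, zone WIFI
RAX30_LAN = ipaddress.ip_interface("192.168.1.1/24")   # assumed /24
DHCP_POOL = (ipaddress.ip_address("192.168.1.2"), ipaddress.ip_address("192.168.1.50"))
# Source-NAT hops from a WiFi client outward: (device, translated source address)
NAT_CHAIN = [
    ("RAX30", RAX30_WAN.ip),
    ("PAN", ipaddress.ip_address("203.0.113.10")),     # assumed placeholder
]

def gateway_on_link(iface, gateway):
    """True if the gateway lies inside the interface's own subnet."""
    return gateway in iface.network

def longest_common_prefix(a, b):
    """Longest IPv4 prefix length whose network contains both addresses."""
    return 32 - (int(a) ^ int(b)).bit_length()

def pool_inside(pool, iface):
    """True if every pool address is in the LAN subnet and is not the router itself."""
    return all(addr in iface.network and addr != iface.ip for addr in pool)

def source_seen_by(device, client, chain=NAT_CHAIN):
    """Source address `device` sees; every hop before it has rewritten the source."""
    src = client
    for name, translated in chain:
        if name == device:
            return src
        src = translated
    return src  # what a host beyond the last NAT hop sees

def check_plan():
    return {
        "gateway_on_link": gateway_on_link(RAX30_WAN, RAX30_WAN_GW),
        "prefix_needed": longest_common_prefix(RAX30_WAN.ip, RAX30_WAN_GW),
        "pool_inside_lan": pool_inside(DHCP_POOL, RAX30_LAN),
        "lan_overlaps_wan": RAX30_LAN.network.overlaps(RAX30_WAN.network),
        "nat_layers": len(NAT_CHAIN),
        "sources_at_pan": {str(source_seen_by("PAN", c)) for c in DHCP_POOL},
    }

if __name__ == "__main__":
    for key, value in check_plan().items():
        print(f"{key}: {value}")
```

With the values as posted, the gateway check fails because 10.1.1.222/25 lies in 10.1.1.128/25 while 10.1.1.1 does not, so the mask actually configured on both ends is worth confirming. The last entry shows that the PAN sees every WiFi client as 10.1.1.222, so its security policies and logs for zone WIFI cannot distinguish individual clients.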