Fix: Configuring SonicPoint APs on a SonicWALL TZ on a **Shared Interface**

Here’s 3 hours of mine and another Engineer’s lives that we’ll never get back… so if you do run across this configuration, this should save you some time.  Here’s the scenario:

You have:

1 x SonicWALL TZ210

4 x SonicPoint wireless access points

1 x PoE switch, shared with both the SonicPoints and a few wired LAN clients


Due to having been completely locked out of all interfaces and all protocols by the previous IT company (morons) and because we didn’t have a console cable anywhere nearby (d’oh!), we had to factory reset the SonicWALL TZ210.  It was only at that point that we realized that the SonicWALL TZ210 also had four (4) SonicPoints that used to be bound to it (thanks to correct labeling in the MySonicWALL portal).  We attempted to get the TZ210 to recognize the SonicPoints (we even factory reset a SonicPoint), but they never showed up in the web UI:

So, here’s your problem… the SonicPoints will not talk to the TZ210 unless they are plugged into an interface designated as a WLAN (wireless LAN) interface.

If you were setting this up from scratch, you would want to design your network in such a way that the SonicPoints were on one PoE switch attached to an X2-X6 interface, and the LAN clients were on a different non-PoE switch connected to the X0 (LAN) interface.  You would then designate the interface to which your PoE switch and SonicPoints are connected as being in the WLAN zone.  Here’s a good site documenting that process:

…but, since we didn’t have two switches, we were up a creek.  Oh, and did I mention that putting a SonicPoint into standalone mode is not supported by SonicWALL?  Major bummer, dude!  So, these were our choices:

If we plugged the PoE switch with the SonicPoints and the wired LAN clients to X0, the SonicPoints would not be recognized.

If we plugged the PoE switch with the SonicPoints into an X2-X6 interface which was designated as a WLAN, then the wired LAN clients would not be able to get out of that interface to the Internet.

One SonicWALL case and one undocumented setting later (correction: the Murphy is strong today (Friday the 13th?)… see the last paragraph for the link to the KB article), it’s working.  Here’s how:

1) Log into the TZ210, and, once logged in, replace main.html in the address bar with diag.html, which brings you to this page:


2) Click the “Internal Settings” button, scroll down to the Wireless Settings section, and check the box for “Enable local wireless zone traffic to bypass gateway firewalling,” and then be sure to scroll back up and hit Apply:


    Don’t forget:


3) Hit the “Close” button on the diag.html page, which then takes you back to the normal interface… go to Network > Zones and edit your WLAN zone to match the following settings:


    Now, on the Wireless tab, you’ll have a new checkbox:



    Don’t forget:


4) Now, change an interface (in this case, X2) to the WLAN zone, and plug the uplink from your PoE switch (which, again, has the SonicPoints and some wired LAN clients attached) into said interface you just configured as follows:


…and Murphy’s law states that as soon as I put this together, I’d find a KB article that SonicWALL didn’t mention, even when I’d asked tech support, “Is there some sort of article or walkthrough I can follow?”

Anyway, their KB article doesn’t actually bridge the new interface to the X0 interface… mine does… and it still works.  Nyah.

Hope this helps save you some time when configuring non-optimal SonicWALL-based networks :-)

21 responses
This article is the bomb!
Great work!! Glad I found this!!!
Nice find here...was a pain in the A** when had multiple SP's and some would just become non-responsive.
Thank You!!!!!!! Saved me countless hours
Thank you for linking my site, I appreciate it and I hope it's been helpful.
So you used only the X0 interface with the switch and the Sonicpoints would provision?
There are a couple of nuggets of info on this "internet thingy" that really explain the problem you are dealing with and how to fix it step by step. I can't tell you how many hours I've monkeyed with this configuration and just threw my hands up and set the SonicPoint as a standalone. This article made my week! Thanks for taking the extra time to document it.. I know a lot of times you fix a problem and say "I'll never see that one again"!


I stumbled around for days. Got everything working just the way I wanted it. Thanks for sharing!
This post helped me very much. I couldn't figure out why the Sonicpoints were not detected but your post got it. Thanks.
I think I can't find the right words to express my gratitude for the Information you provided here. I mean, is it that unusual to have Wifi and LAN combined in one network?
I've got a TZ 215 running SonicOS I got this to work without changing the "bypass gateway firewalling" setting. I bridged X0 with X2, but before I was allowed to bridge X0 with anything I had to remove X2-X6 from the default portshield group. Unchecking the "only allow traffic generated by a SonicPoint" rule was necessary to allow LAN traffic on the new X0-X2 bridge. Allowing interface trust only allows WLAN > LAN traffic in the firewall rules, so that is not even necessary if your wifi devices only need internet access.
One thing to keep in mind when setting these up on a network that has a VPN back to another location is to make sure and create rules within the firewall to allow all connections (use caution, secure this connection). Create rules going from VPN>WLAN and WLAN>VPN. This will enable access to all network resources so you can set up network folders and such. Ran into this issue myself... it was a duh moment, but something I overlooked. Thanks for the article.
I like your writing style and thank you very much for putting this together.
Using your article, I was able to get a SonicPoint ACi working with the access point sharing the LAN network. I found one interesting bug in the firmware on the TZ500 and this is a caution to others using this article: at the point where I bridged the WLAN onto the LAN as outlined above, the DHCP dynamic range for the LAN was overwritten and over-broad. I have a fair number of static assignments in my DHCP settings, and those remained but were pre-empted by the new dynamic range that essentially covered the entire address space of the subnet. Second item is what I'm trying to do now: I want to create a guest network, not using SonicWALL's guest stuff, but what I do with any other access point, mapping an SSID to a zone and controlling it. With other APs, I do this by mapping an SSID to a VLAN, then set up a matching VLAN in the SonicWALL. Has anyone using this bridged method of setup of the AP also been able to get the SonicWALL setup to do a second SSID mapped into a different zone? I don't care if it's by VLAN or what, just so long as the result is as desired.
Doesn't seem to work with TZ215 on and ACi SonicPoints.
Realize this is an old post but did you connect both X0 and X2 or would the SonicPoints provision using X0 only?
I have a question really. When you got this set up, you said that you only had the one PoE switch. Does that mean that you completely unplugged the X0 and plugged the switch into the X2 (or X3, whatever)? Did you effectively make the X2 into your LAN with WLAN capabilities and use just one subnet? Or did you just allow two subnets so that they would talk to each other? It seems that I need at least one WLAN connection to share the same subnet that the LAN is using. (The software on the LAN computer won't find the wireless device if it is not on the same subnet.) I was hoping that I could use your solution to get it so that my SonicPoint's clients would show up on the LAN. Thanks for the article, and thanks in advance. Bill Brown