Ap320 How To Set Up
Hi All, I've really been struggling trying to get this thing configured. I have read pretty much all forums, watchguard how to's etc. And still can't figure this out.
Maybe I am just confused. I purchased a used XTM25, I am not subscribed to any services and just want to use this as a basic hardware firewall that protects the network.
In a setup as you have it now, you need to turn off NAT on the WatchGuard, else your wireless clients won't be able to communicate to anything behind the WatchGuard without SNAT rules. And you really don't want to try setting them up for an internal network. With NAT off, you would have to add static routes on the Asus, so it knows where to send packets for networks 10.x.x.x.
The simplest is the solution ChipG (and possibly someone else also) already proposed - move the Asus behind the WatchGuard, turn off DHCP on it and let it be just an AP.
You need to connect the Asus with a LAN port to the WatchGuard, not with the WAN port (not sure if the WAN port becomes a LAN port once switched to AP mode).
So let the WatchGuard do the DHCP stuff. Clients will connect to the Asus and send a DHCP request, that will be answered by the WatchGuard, giving the mobile clients an IP address from the network it is connected to.
The trusted networks you have are each separate networks. To make them 'see' each other, you need to add some firewall rules for the traffic you want to allow between them. Just for testing, you could allow anything between them by adding an 'Any' packet filter and listing 'Any-Trusted' in the From: and To: fields. Once this works for you, you can replace the 'Any' rule with more specific ones.
Yes, I have all the default policies, which are TCP/UDP All trusted to External. I read on a forum that I should also create one for DNS? All trusted to External. Not sure.
Yes, the idea was to hang a wireless router in AP mode off of the device. If I don't need the router in front of the firewall, I can do that as well. I wasn't sure if connecting to the AP would bypass the firewall if it wasn't physically behind it?
I did attempt to set the firewall up directly after the ISP modem, that gave me the public IP, but I continued to have the same issues after the fact.
Here is what I know I should be doing, or can do. Please correct me.
Modem - Firewall - LAN with Switch, then AP connected to the switch?
Again, I've reset this thing multiple times trying several different configurations and have spent 24 hours straight almost on this and still can't get it figured out.
What is the most optimal way to set this up on a home network? I am running version Firewall OS 11.7.5 I believe. Apparently I need to buy a Live Security license to upgrade it any further.
Shouldn't I just be able to create a TRUSTED interface with the IP address of 10.0.1.1, then enable DHCP on it, broadcasting 10.0.1.2 - 10.0.1.254 and connect my switch to it and boom badda bang?
But first, I need to get the gear set up. A quick rundown of what my configuration will look like:
1 - Meru MC 500 controller running version 3.4-103 software
1 - Meru MN-AP320
1 - Meru MN-AP201RH
I powered up the unit, and plugged in to it via a USB-Serial dongle. As the instructions indicated, I set up the serial port to 115200,8,N,1.
Shouldn't the internet work right off the bat? I don't understand why it takes so much configuration, or maybe the device is broken.
Bojan is on the right track.
Start by getting the Watchguard System Manager. It will make your life MUCH easier. Then simplify the setup.
Watchguard - Port 0 (ISP/WAN), Port 1 (LAN), Port 2 (Wifi)
Watchguards can be configured with any port doing any job (numbered 0-4 on the XTM25). There is no dedicated WAN port like most firewalls. You just have to configure the port.
Put your Asus on its own port on the Watchguard, and set it as an AP only (this turns the WAN into another switch port automagically, so you can use it). Make sure you assign an IP address to the ASUS first so you can still access it later.
Run DHCP, etc. from the Watchguard.
Configure Port 0 for EXTERNAL, and set up the ISP settings (static IP/DHCP/PPPoE, etc.)
Configure Port 1 for TRUSTED, and plug your switch in here for your LAN. Set your network IP address for the port (gateway address) and DHCP scope here. You can also set secondary IP ranges, QOS, etc.
Configure Port 2 for BRIDGE if you want the AP to access the same settings from Port 1 without needing to configure additional IP settings. Otherwise set it to Trusted or Optional if you want the WIFI to be a separate network.
If you configure Port 2 as its own separate network, you will need to create policies/rules to allow traffic between Port 1 and Port 2.
Thank you for the responses so far. I'll try moving the firewall behind the cable modem, then put the router in AP mode behind that. I'll need to do this in a few days as I have spent too much time on it so far.
I did add the ANY and not making a difference, unless I entered it wrong.
Trying to add the network and the OK button won't highlight, it's like it's not liking the way I entered it.
Here is snap shot of the log, not sure how to read this but the 2-LAN is the interface. Something is getting denied.
You don't need to use IP address ranges for the traffic between your local network interfaces.
When you configured the network interfaces, you entered a name for each. These names are aliases and can be used in your rules, making them much easier to understand on the first sight.
The greyed out button you mention is because you use a HOST address and not a NETWORK address. When you want to add a network, you would use in this case 10.0.2.0/24
But as I already said, it makes more sense to use the Alias of the network, that is already offered in the window, when you click on 'Add'.
You can create your own aliases and put anything you want into them. Other vendors call this 'Objects', but are much more specific on the type of Objects, often not allowing you to mix IP addresses with existing objects and usernames.
Thank you for the clarification.
Now I can browse computers and access files from the 172.16 wireless network to the 10.0.2.x network. THANK YOU! That solves one of the issues.
I will revisit the physical configuration in a few days and will probably post back here if you don't mind. I've been heads down in Networking classes and about to take my Security +, then net + in a few months. All the content talks about ACL, but this firewall doesn't use ACL as it describes in the content as much as I could tell here on the watchguard device. Maybe I am not seeing it yet. I don't have a lot of experience with these hardware firewalls. I just learned to subnet and that was hard enough! Part of the other challenge is just knowing where and how to put the information into the tools and what options to click!
One last question on this issue. Why can't I get Internet access on the Interface 1 (10.0.1.1) when it's configured the exact same as Interface 2? During initial set up on the firewall from a reset to defaults, interface 1 is the TRUSTED port to plug a computer so you can configure it. I had a heck of a time getting the device to Activate and once it did, I couldn't access the internet on that PC. Then I made Interface 2 (10.0.2.1) as seen above and internet just worked at times, other times it worked not knowing what I actually did. I think I had set up a static route in the ASUS and pointed to the gateway? Would that be the correct way?
I don't even know what to change here, I add these but afraid to delete anything as everything may come to a screeching halt!
Do I even need this configuration in the ASUS? Or do I put it in the Watchguard? In my current set up as described in the diagram earlier?
Bojan and CrashFF, thank you for all the guidance.
Currently the ASUS is sitting in front of the firewall, so I need to pass the traffic on to the Watchguard.
That's where I am confused on the static route, the 172.16.0.4 is the IP of the Watchguard, then I have it pointed to the gateway address. Yes, I need to just add the NETWORK and not the IP.
Would I just configure a static route with the 172.16.0.0 as the NETWORK pointing to the gateway 172.16.0.1 and that will route traffic through the router?
Then do the policy that CrashFF mentioned? FROM Wan/Any External TO LAN/Any Trusted. I was thinking that as well so I used the HTTP proxy? I hope that's good.
On the bridging. So just to make sure I understand the concept before I go making changes. The watch guard has 4 interfaces plus one external.
Hard reset instructions for Meru Networks AP320
If your AP320 router is not working as it should, dropping connections or not being responsive, you should first do a reset of the router to see if the problems persist. Other scenarios where you might want to reset your router is if you've forgotten the password or misconfigured it and can't get access anymore.
You can reset your Meru Networks AP320 in the following way(s):
The 30-30-30 reset
There are no specific instructions for this model yet, but you can always do the 30-30-30 reset as follows:
1. When router is powered on, press the reset button and hold for 30 seconds. (Use a paperclip or something sharp.)
2. While holding the reset button pressed, unplug the power of the router and hold the reset button for 30 seconds.
3. While still holding the reset button down, turn on the power to the unit again and hold for another 30 seconds.
This process usually works for resetting any router to its factory setting.
Note: It is worth reading more about and what the risks and considerations are when resetting your router this way, instead of just rebooting it.