Zonedirector over WAN

  • Question
  • Updated 4 months ago
Hey folks,
We have a ZD 1200 with the latest firmware. We want to have it on a WAN endpoint inside a DMZ network. In this DMZ network is a web server acting as captive portal. Our access points should be somewhere outside this network; they're connected over their own WAN links.

In our Testlab we did:

- Having a DMZ network (192.168.110.0/24)
- Having a ZD1200 -> 192.168.110.200
- Having a Webserver for CP -> 192.168.110.10
- Having a static WAN IP 80.x.x.x with a static A record (zonedirector.company.de)
- Having NAT rules to forward 443, 12222, 12223, 21 and PASV FTP incoming on WAN to the ZD (192.168.110.200)

On the AP side we have:

- R500 with latest firmware (provided by ZD1200)
- DynDNS (static ip is also available)
- Network 192.168.30.0/24

What is working?
- AP can reach ZD
- AP can join ZD
- ZD can manage (update, push profiles etc.)
- ZD profile "Standard" without authentication is working; a tablet on the AP side connects to the AP and can surf, and the tablet is shown in the ZD

Issue:
- When trying to use a hotspot profile I can join the network and get an IP from the DHCP server on the AP side (192.168.30.111 as an example), and then the redirect page comes up and tries to bring me to the CP page... this takes a long time and then I get a timeout saying that 192.168.110.200 isn't reachable (which is clear to me, as the AP cannot connect to the DMZ area)

The question is: how can I tell the ZD (or the AP?) that it has to try the public IP of the ZD instead of the internal one?

BR
Matthias

P.S. The goal is to have APs without a VPN connection that are managed by the ZD. We just want to have the ability to publish open SSIDs where the terms of use must be accepted, and after logging in we want to show our landing page first... that's all.

Any other ways to reach this goal are welcome.

Matthias Donner


Posted 4 months ago
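
A small diagnostic for the symptom described in the question, added here as an example (it is not from the original post or from the vendor): it reads the redirect a hotspot client receives and reports whether the target is an RFC 1918 address outside the client's own subnet, which is what happens when the portal hands out 192.168.110.200 to a client on 192.168.30.0/24. The sample response, its URL path and the function names are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample of the redirect a client on the AP side would receive.
# Only the target address comes from the post; the path is a placeholder.
SAMPLE_REDIRECT = (
    "HTTP/1.1 302 Found\r\n"
    "Location: https://192.168.110.200/constructed-portal-path\r\n"
    "Content-Length: 0\r\n\r\n"
)

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def redirect_target(raw_response):
    """Return the host named in the Location header, or None if absent."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() == "location":
            return urlsplit(value.strip()).hostname
    return None


def classify(host, client_net):
    """Say whether a client in client_net can expect to reach host."""
    if host is None:
        return "no-redirect"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"                        # needs a DNS check from the client side
    if addr in ipaddress.ip_network(client_net):
        return "local"
    if any(addr in net for net in RFC1918):
        # Private address at another site: not reachable across the
        # Internet without a VPN or a routed link between the sites.
        return "private-remote"
    return "public"


if __name__ == "__main__":
    target = redirect_target(SAMPLE_REDIRECT)
    print(target, "->", classify(target, "192.168.30.0/24"))
```

A result of `private-remote` from the client's subnet matches the timeout in the post; a redirect to the public name (zonedirector.company.de) would come back as `hostname` instead.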


Ryan McCaigue, Employee

Are you talking about this ZoneDirector or a SmartZone 100? The ZoneDirector is a local area network controller that uses LWAP. This local area network management allows you to manage APs on the same layer two subnet. Access points that drift above 120 ms of latency will lose connectivity to the ZoneDirector and stop servicing clients. The SmartZone 100, however, is intended for wide area network connectivity to access points without the use of a VPN.