I called SonicWALL support yesterday and the call went much better than the first support call. For openers, the tech was apparently a native English speaker, and I had no difficulty understanding her. For another, she picked up right away on the problem.
I ordered a new 470 from Dell, but what they sent me was an upgrade, and that serial number required a “trade-in”. No, not an actual physical trade-in, but the serial number of a device that I had purchased but was no longer in service. I had a NSA 250M that I had registered and wasn’t using, so I asked her to use that serial number. She also gave me the maintenance code.
I rang off, connected the WAN side of the 470 to my internal network with the Sophos firewall between that at the Internet, and the LAN side of the 470 directly to a PC. I booted the 470.
Surprise! The wrench light was unlit. That means that it was no longer in Safe Mode. I guess safe mode is a one-time thing. But that left me where I started, not knowing the LAN-side IP address of the 470. I had an idea. Through forgetfulness, I hadn’t turned off the LAN-side DHCP server. So I turned on the DHCP client on the PC, and reconnected. Then I ran ipconfig /all.
Well there it is! I’d typed in the wrong IP address for the 470’s LAN side, and the DHCP server had automagically changed its settings to match.
I configured the WAN DHCP client, and got a DHCP lease from the Microsoft Windows Server. I checked Internet connectivity, and it looked good.
Looks like I don’t need that maintenance code.
But, in spite of what the support tech had said, the 470 nagged me to register it from the device itself. I did that, and it was happy.
I set up the WiFi access point, pointed my iPhone to it, and browsed the ‘net just fine. I couldn’t figure out how to enter the DNS server IP addresses, but it turns out those are inherited from the top-level 470 DNS settings. I couldn’t figure out how to do reservations ono either DHCP server. Maybe that’s not possible with SonicWALL’s DHCP server. I restricted the scopes so that I could add static IP addresses outside them.
I disabled management from WiFi.
I changed the admin password.
After some searching, I found the firewall rules; they’ve moved from my previous firewalls. I’ll configure them by hand.
There were a bunch on unlicensed services that I was using on my NSA 3600. I guess I was wrong about the bundling being substantially changed. Looks like if you want all-inclusive services, Sophos is cheaper.
All’s well that ends well.