Network : Network > Zones

Configuring a Zone for Guest Access
SonicWALL User Guest Services provides an easy solution for creating wired and wireless guest passes and/or locked-down Internet-only network access for visitors or untrusted network nodes. This functionality can be extended to wireless or wired users on the WLAN, LAN, DMZ, or public/semi-public zone of your choice.
To configure Guest Services feature:
Navigate to the Network > Zones page.
Click the Configure button for the zone you wish to add Guest Services to. The Edit Zone window displays.
Click the Guest Services tab.
Enable Guest Services - Enables guest services on the WLAN zone.
Enable inter-guest communication - Allows guests to communicate directly with other users who are connected to this zone.
Bypass AV Check for Guests - Allows guest traffic to bypass Anti-Virus protection.
Enable External Guest Authentication - Requires guests connecting from the device or network you select to authenticate before gaining access.
Enable Policy Page without authentication - Directs users to a guest services usage policy page that does not require authentication. Click Configure to set up an HTML customizable policy usage page.
Custom Authentication Page - Redirects users to a custom authentication page when they first connect to the network. Click Configure to set up the custom authentication page. Enter either a URL to an authentication page or a custom challenge statement in the text field, and click OK.
Post Authentication Page - Directs users to the page you specify immediately after successful authentication. Enter a URL for the post-authentication page in the field.
Bypass Guest Authentication - Allows the Guest Services feature to integrate into environments already using some form of user-level authentication. This feature automates the authentication process, allowing wireless users to reach Guest Services resources without requiring authentication. This feature should only be used when unrestricted Guest Service access is desired, or when another device upstream is enforcing authentication.
Redirect SMTP traffic to - Redirects SMTP traffic incoming on this zone to an SMTP server you specify. Select the address object to redirect traffic to.
Deny Networks - Blocks traffic to the networks you name. Select the subnet, address group, or IP address to block traffic to.
Pass Networks - Allows traffic through the Guest Service-enabled zone to the networks you select.
Max Guests - Specifies the maximum number of guest users allowed to connect to this zone. The default setting is 10.
Special Guest Services Features for Wireless Zones
Enable Dynamic Address Translation (DAT) - Guest Services provides spur of the moment “hotspot” access to wireless-capable guests and visitors. For easy connectivity, Guest Services allows wireless users to authenticate and associate, obtain IP settings, and authenticate using any Web-browser. Without DAT, if a guest user is not a DHCP client, but instead has static IP settings incompatible with the Wireless WLAN network settings, network connectivity is prevented until the user’s settings change to compatible values. Dynamic Address Translation (DAT) is a form of Network Address Translation (NAT) that allows the system to support any IP addressing scheme for guest users. For example, the Wireless WLAN interface is configured with its default address of, and one guest client has a static IP address of and a default gateway of, while another has a static IP address of and a gateway of, and DAT enables network communication for both of these clients.
Click OK to apply these settings to this zone.