Best internet/network setup?

[automagrt]

We have a Mac Pro running OS X Server 10.6.8. Here's the current network/internet setup:
Cable modem -> switch -> server (1st NIC) and Airport base station (open wireless)
Then from the server the second NIC goes to another switch and another Airport base station that has a secured wireless network. Those connected to the wired LAN or secured wireless network are routed through the server for everything and it supplies DNS, DHCP, and the firewall. Those on the open wireless network have no access and are routed through the Airport directly to the internet.

Both the open wireless and secured wireless network are extended using 2 other Airports.

I didn't set this system up but I understand why it was done this way. However, I think there's got to be a better way while still allowing public access to internet but keeping the server secure. What I want to be able to do is setup some type of QoS or at least be able to throttle those on the open wireless network. Currently there's no way to do this. I was thinking of routing everyone through the server, and setting up the Airport to operate a guest network. That would isolate them from the server, correct? If that works then we'd only need 2 wireless access points instead of the 4 we have now. It still leaves the problem of QoS/throttling. Do I need to put a router in there somewhere with those capabilities? I don't want to add too much to the complexity since the server is already handling DHCP and the firewall. Basically I want to be able to give priority to those on the wired LAN or secured WLAN priority over those on the public one. We have a Sonicwall TZ 100 that's not being used. Not sure if this can be utilized in some fashion to accomplish what I want.

Thanks!

 

[aarond12]

We have a Mac Pro running OS X Server 10.6.8.

Your SonicWall TZ 100 is what you'll want to use to manage your network. You can probably greatly simplify your network with a little understanding and managing the SonicWall.

Cable Modem --> SonicWall --> VLAN1 (Mac Pro, Airport #1) , VLAN2 (Airport #2)

With the SonicWall's ability to create a VLAN, you can put each device on its own virtual network, each with its own firewall rules. I don't see a mention in the basic marketing information about QoS or throttling, but I would be surprised if it's not there.

All I'm using as a resource is their marketing information. I do NOT know how to configure this device. I'm just giving you an idea of where I would personally start to do this.

 

[automagrt]

Your SonicWall TZ 100 is what you'll want to use to manage your network. You can probably greatly simplify your network with a little understanding and managing the SonicWall.

Cable Modem --> SonicWall --> VLAN1 (Mac Pro, Airport #1) , VLAN2 (Airport #2)

With the SonicWall's ability to create a VLAN, you can put each device on its own virtual network, each with its own firewall rules. I don't see a mention in the basic marketing information about QoS or throttling, but I would be surprised if it's not there.

All I'm using as a resource is their marketing information. I do NOT know how to configure this device. I'm just giving you an idea of where I would personally start to do this.

I spent some time reading more about the TZ 100 and it has quite a bit of functionality and does do QoS and can limit bandwidth. The problem is that I'd rather not do a huge reconfiguration of the network. I'm hesitant to put the TZ 100 in front of the server since it's already handling the firewall, DNS, and DHCP and is relatively easy to use. It appears that I can put it after the server and use it in bridge or transparent mode which will give me most of the functionality I want without changing the existing setup. I just have to figure it all out as it's a little over my head at this point.

 

[aarond12]

I spent some time reading more about the TZ 100 and it has quite a bit of functionality and does do QoS and can limit bandwidth. The problem is that I'd rather not do a huge reconfiguration of the network. I'm hesitant to put the TZ 100 in front of the server since it's already handling the firewall, DNS, and DHCP and is relatively easy to use. It appears that I can put it after the server and use it in bridge or transparent mode which will give me most of the functionality I want without changing the existing setup. I just have to figure it all out as it's a little over my head at this point.

You can likely DMZ a port for the Mac Server. That way you wouldn't have to reconfigure the entire network, just that one port plus another for the second AirPort. That way you would isolate the two networks and still be able to put throttling/QoS on the second AirPort.