  • 1.  Help connecting an SSG-5 to the internet

    Posted 05-18-2011 06:52

    I am trying to get a solution for a restaurant owner to allow a single solution to allow his POS system to be on a private LAN, his employees will do training on a laptop on a separate wireless network, and he wants to allow customers to surf on another separate wireless network. I bought this device as my first attempt to do this. I have the LAN port 0/2 connected for his POS 192.168.1.xxx and two wireless 0/0 set to WEP on 192.168.2.XXX and the customer surf wireless on wireless 0/1 and is set open on 192.168.5.XXX. I can connect on all wireless connections using DHCP but no internet. I can connect a PC and see the SSG-5 over the LAN port 0/2 but no internet. The ethernet port 0/0 is set to DHCP from the cable router and gets an IP address from our 219.117.0.XXX scheme but no internet. I have attached my .cfg file; if someone can point me in the right direction as to where my errors might be, I would be ever so thankful. Thank you, Jay Holland



  • 2.  RE: Help connecting an SSG-5 to the internet
    Best Answer

    Posted 05-18-2011 14:55

    Welcome to the SSG-5 firewall. 


    Your internet access issue is just one of NAT. The quickest solution with your current setup is to just add source NAT to your existing trust to untrust access policy.


    Policy--Policies
    Edit the trust to untrust
    Hit the advanced button
    check source nat on egress interface

    Something you may want to consider is reading up on zones and policies. This configuration does put your public traffic, employee traffic and your POS all in the same security zone. At minimum you probably want the public segment pulled out to a separate zone and blocked off by policy.
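
An added example, not part of the original posts: a small Python check over a ScreenOS-style configuration that flags the two issues raised in the answer above, a permit policy toward the Untrust zone with no source NAT, and several interfaces bound to one security zone. The sample configuration is constructed for illustration; its interface names, zone bindings and policy id are assumptions, not the contents of the poster's attachment.

```python
import re
from collections import defaultdict

# Constructed ScreenOS-style config modelled on the setup in this thread;
# interface names, zone bindings and the policy id are assumptions.
SAMPLE_CFG = '''
set interface "ethernet0/0" zone "Untrust"
set interface "ethernet0/2" zone "Trust"
set interface "wireless0/0" zone "Trust"
set interface "wireless0/1" zone "Trust"
set interface ethernet0/0 dhcp client enable
set policy id 1 from "Trust" to "Untrust"  "Any" "Any" "ANY" permit
'''

IFACE_RE = re.compile(r'^set interface "?([\w/.]+)"? zone "([^"]+)"')
POLICY_RE = re.compile(
    r'^set policy id (\d+) from "([^"]+)" to "([^"]+)"\s+'
    r'"[^"]+" "[^"]+" "[^"]+"\s+(.*)$')


def audit(cfg, wan_zone="Untrust"):
    """Return (ids of permit policies to wan_zone lacking source NAT,
    zones that hold more than one interface)."""
    zones = defaultdict(list)
    missing_nat = []
    for line in cfg.splitlines():
        line = line.strip()
        m = IFACE_RE.match(line)
        if m:
            zones[m.group(2)].append(m.group(1))
            continue
        m = POLICY_RE.match(line)
        if m:
            pid, _src, dst, tail = m.groups()
            words = tail.split()  # action keywords after the service field
            if dst == wan_zone and "permit" in words and "nat" not in words:
                missing_nat.append(int(pid))
    shared = {z: ifs for z, ifs in zones.items() if len(ifs) > 1}
    return missing_nat, shared


if __name__ == "__main__":
    no_nat, shared = audit(SAMPLE_CFG)
    print("permit policies to Untrust without source NAT:", no_nat)
    for zone, ifaces in shared.items():
        print(f"zone {zone} is shared by: {', '.join(ifaces)}")
```
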