This situation is very similar to the network configuration we are utilizing at our local public library, just slightly less complex. I'll try and explain what we chose to do and what I would recommend for you.
The first thing in your network to address is your firewall and router. To separate your networks properly and ensure your business data is protected, this is a must. A TZ 205 or TZ 215 would probably be what I would recommend for the performance you need to run the multiple simultaneous connections, but it might be worth it to contact Dell directly and discuss your network information with them for a good recommendation based on the type of traffic you see, number of concurrent access, necessary throughput, etc.
In your SonicWall you should configure three separate network zones: Management LAN, Private LAN, Public LAN. Each of these zones will be a separate network range and be the default gateway for your three new VLANs. VLAN100 for Management LAN, VLAN101 for Private LAN, and VLAN102 for Public LAN. You can establish firewall rules to block all traffic between the Management, Private, and Public LAN zones so that users cannot traverse to network devices they shouldn't have access to. In our case we also made it so the Management LAN had access to all other VLANs, but all other VLANs did not have access back into the Management LAN.
Next, you will need a managed switch with VLAN capabilities. If you have quite a few computers simultaneously accessing and transferring data with other internal network devices, such as a server, then I'd recommend installing a gigabit switch. Otherwise you could get by with a 10/100 switch and save a little money, but anymore a gigabit switch is not going to be much more expensive. If you're considering installing PoE capable wireless access points then you may consider a PoE capable switch as well. I have had great luck with the HP ProCurve 1810 series of switches, and these come in a large number of different configurations from eight to 48 ports and either 10/100 or gigabit speed capabilities. These are smart managed switches which support most business features including VLANs, link aggregation, and more.
For a wireless system, you really need an enterprise wireless solution for the number of simultaneous users you are talking about, and to minimize the number of access points you will need, you should get units which also support VLAN capabilities. Again the type that we use is Ubiquiti UniFi long range access points. They are very low cost but very great quality and performance. These can operate multiple simultaneous wireless networks, such as your Private and Public networks, in separate VLANs for security. I personally have never had more than twenty simultaneous users on a single access point, but they are supposed to be capable of more than that, and even then I never had problems with it besides the underlying bandwidth from the ISP being pretty limiting. You may want to set up two units to give you full coverage as well as fault tolerance (the wireless will continue to work if one or the other units goes down) but it starts getting kind of messy once you get more than three access points in an area. It's hard to say exactly what you need for this because we don't know the exact layout of your office area.
And that is what brings me to what has been stated above kind of. While the overall idea and design of how this network can operate and what is needed is somewhat simple in networking terms, actually getting it operational and secured properly is a whole different story. If you don't know how to configure VLANs or set up firewall access permissions, if you are unfamiliar with tagged and untagged VLAN identifiers on switched networks, or don't understand the security policies that need to be in place to protect your business data and users, then you should find someone locally who can help you out with this. We can be here offering some advice and some rough estimates on costs for a project like this, but there are many unknowns that will always exist that we just can't answer for you that may play a big difference in the solution that works best for you. It's these unknowns that a local person should be able to determine actually being at your site and speaking in person with you. I hope that this gives you a starting place to do some looking though!
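The zone policy described in the post above (Management reaches every VLAN, nothing else crosses zones) can be checked against a rule list before it goes live. This is an added example, not part of the original post: the subnets, the `(action, source, destination)` rule format and all function names are assumptions, not SonicWall syntax, and the check probes representative addresses rather than proving the rule set correct.

```python
import ipaddress
from itertools import permutations, product

# Constructed subnets: the post names the VLAN IDs but not the address ranges.
ZONES = {
    "Management": ipaddress.ip_network("10.0.100.0/24"),  # VLAN100
    "Private": ipaddress.ip_network("10.0.101.0/24"),     # VLAN101
    "Public": ipaddress.ip_network("10.0.102.0/24"),      # VLAN102
}

def intended(src_zone, dst_zone):
    """Cross-zone policy from the post: only Management may reach other zones."""
    return src_zone == "Management"

def evaluate(rules, src, dst):
    """First-match over (action, src_net, dst_net) rules; no match means deny."""
    for action, src_net, dst_net in rules:
        if src in ipaddress.ip_network(src_net) and dst in ipaddress.ip_network(dst_net):
            return action == "allow"
    return False

def probes(rules, zone):
    """One ordinary host plus the first and last address of every rule network inside the zone."""
    net = ZONES[zone]
    points = {net.network_address + 10}
    for _, src_net, dst_net in rules:
        for n in map(ipaddress.ip_network, (src_net, dst_net)):
            if n.subnet_of(net):
                points.update((n[0], n[-1]))
    return sorted(points)

def audit(rules):
    """Return (src_zone, dst_zone, src, dst, result) for every probe that breaks the policy."""
    findings = []
    for sz, dz in permutations(ZONES, 2):
        for s, d in product(probes(rules, sz), probes(rules, dz)):
            allowed = evaluate(rules, s, d)
            if allowed != intended(sz, dz):
                findings.append((sz, dz, str(s), str(d), "allowed" if allowed else "blocked"))
    return findings

# Constructed rule sets in a made-up (action, source, destination) form.
GOOD = [("allow", "10.0.100.0/24", "10.0.0.0/16"), ("deny", "10.0.0.0/16", "10.0.0.0/16")]
LEAKY = [("allow", "10.0.102.50/32", "10.0.101.5/32")] + GOOD  # leftover Public -> Private exception

if __name__ == "__main__":
    for name, rules in (("GOOD", GOOD), ("LEAKY", LEAKY)):
        print(name, audit(rules) or "matches the intended policy")
```

Because host-level exceptions are probed explicitly, a single forgotten allow rule ahead of the deny shows up as a Public to Private finding even though the zone-wide rules look correct.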