I know the 3750X's have a management interface on the back which is a 10/100 Fast ethernet port. Its right next to the RJ-45 console port. I also believe that the 2960 switch that you listed there also has a management port on the front of it, above the SFP ports.
Assuming your switches aren't too far away, you could use the management interfaces to manage your devices remotely if you will. Of course you would require additional cabling back to another "management switch" which would likely contain the VLAN required just to manage these devices.
Otherwise, you could also run a terminal server server such as an OpenGear or something of that nature and have the console connections linked back to this device in order to remotely control them if your entire network is having issues or what not.
These management interfaces do operate on their own VRF and will also not participate in STP as they're not running on the active VLAN that is being trunked down to them. However, I have seen it where some organizations like to have the management VLAN on the same subnet as the hosts on the switch. This allows them to ping and check the arp table/mac address table and pinpoint where devices are a bit easier than if it was just a simple L2 network. There are of course pro's and con's to each method, however, given that you wanted to go about a out-of-band method. I would say the management interface is probably is your best direction.
It kind of depends on how much data you will be moving between these two external subnets. If you allow the HP to route directly between those subnets, you can have as many 1GB streams between them as you have ports configured for them. With "router-on-a-stick" (I've always called it vlan-on-a-stick, but same concept), you would be limited to just 1GB in total throughput between the vlans (leaving out the possibility of doing an lacp trunk between the SonicWALL and the HP).
In doing this method, the third vlan would be considered a "transit network", and would make it easier down the road as your network grows to implement a dynamic routing protocol, or to add more routers into the network, if the need ever arises.
The HP switch would be acting as your layer 3 core, and you would have an IP address in each of the 3 vlans. The SonicWALL would need only an access port to the transit network, and it's own IP on that network.
From there, a default route statement in the HP pointing to the SonicWALL's transit net ip address, and two static routes in the SonicWALL (one for each of your 'external' subnets) pointing back at the HP's transit net IP.
The easy button is to simply run a vlan trunk to the SonicWALL, and put an address on each of the vlans you want to route for. I've done it this way in the past, and if you don't plan on heavy traffic, it's perfectly viable, and pretty easy to configure.
If you could post some of your route statements in your attempts at setting up the transit net, I'm sure someone could help you get that straightened out.
Best Answer
One of your WAPs is in the
192.168.20.0/24network on an unmanaged switch. That presents a problem if the controller is not allowed to access that network. What you really want to do is set up each WAP with a trunk. You want to trunk a management VLAN to the WAPs, along with the user VLANs for the WAPs. Unfortunately, you can't trunk with an unmanaged switch.The ideal way is to create a management VLAN, and have the WAPs and the controller all connected to that VLAN. You also trunk whichever user VLANs you want the WAPs to advertise through SSIDs. You will need to replace the unmanaged switch with one that can do VLANs. This will also make the management of the WAPs more secure, and you can use the management VLAN to manage the switches, too.