[AusNOG] WatchGuard X550E Configuration Assistance

Mark Currie MCurrie at laserfast.com.au
Tue Apr 29 23:15:30 EST 2014


Hi Daniel,

Upfront I will say that personally I’m not a fan of WatchGuard and have not used them for years... but technically normal firewall and IPv4 subnetting theory should apply, i.e., it should be possible on any current business grade UTM/Firewall appliance by subnetting your public IP range and having some of your public range bound on eth0, and some of the range bound to eth1 (DMZ presumably) with the servers, and your private IP on eth3 as a NAT’d interface. Bridge mode would not work as you have more than 2 traffic bearing interfaces.

For example just say you have a /24 public IP block of 101.101.101.0/24, you could split it into 2x /25 subnets which would be 101.101.101.0/25 and 101.101.101.128/25, if your upstream router was say 101.101.101.1, you could make eth0 101.101.101.2/25 with default GW of 101.101.101.1…The DMZ (eth1) interface could then be say 101.101.101.129/25 and your servers would have addresses from 101.101.101.130 to 101.101.101.254 with the GW as 101.101.101.129. Eth3 would be NAT’d with your private office network addresses (192.168.x.x?) as per a normal firewall.

Regards,
Mark Currie


From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Daniel Watson
Sent: Tuesday, 29 April 2014 3:28 PM
To: ausnog at lists.ausnog.net; aussag at lists.aussag.net
Subject: [AusNOG] WatchGuard X550E Configuration Assistance

Gday Guys

I have recently acquired a WatchGuard X550E Core Firewall Device which I would like to implement in front of our network in Sydney.

I have never used WatchGuard until today so I am looking for some guidance from people on-list who might know if what I’m asking is correct

Ideally I would configure Interface0 with a public IP which will be the uplink back to our router
Ideally I would then configure Interface1 with a public IP which will be downlink to switch where all servers are located
Interface2 would be disabled
Interface3 would be an uplink to switch on VLAN for PRIVATE NETWORK so we can eventually VPN into our private LAN

If anybody who uses WatchGuard can tell me if this is the correct way to go about this, it would be a huge help

TIA


Regards,
Daniel Watson
Network Administrator / Network Operations Manager

E Daniel at GloVine.com.au
W www.GloVine.com.au




--

This email was Virus checked by Sophos UTM 9. http://www.sophos.com
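
The addressing plan in Mark's reply can be checked mechanically before it is typed into the firewall. The following is an added example, not part of the original thread or any WatchGuard tooling; check_plan, PLAN and the dictionary layout are hypothetical names chosen for illustration. It confirms that each interface subnet sits inside the allocated block, that the subnets do not overlap, that the gateway is on-link, and that the server range is usable.

```python
import ipaddress

def check_plan(block, interfaces):
    """Validate a routed (non-bridged) firewall addressing plan.

    block: the allocated public prefix, e.g. "101.101.101.0/24".
    interfaces: {name: {"addr": "a.b.c.d/len", "gateway": str (optional),
                        "hosts": [addresses to verify] (optional)}}
    Returns a list of problem strings; an empty list means the plan is consistent.
    """
    block = ipaddress.ip_network(block)
    problems, seen = [], {}
    for name, cfg in interfaces.items():
        iface = ipaddress.ip_interface(cfg["addr"])
        net = iface.network
        reserved = (net.network_address, net.broadcast_address)
        if not net.subnet_of(block):
            problems.append(f"{name}: {net} is outside {block}")
        if iface.ip in reserved:
            problems.append(f"{name}: {iface.ip} is not a usable host address")
        # Two routed interfaces must never share or overlap a subnet.
        for other, other_net in seen.items():
            if net.overlaps(other_net):
                problems.append(f"{name}: {net} overlaps {other} ({other_net})")
        seen[name] = net
        gw = cfg.get("gateway")
        if gw and ipaddress.ip_address(gw) not in net:
            problems.append(f"{name}: gateway {gw} is not on-link in {net}")
        for host in cfg.get("hosts") or []:
            h = ipaddress.ip_address(host)
            if h not in net or h in reserved or h == iface.ip:
                problems.append(f"{name}: host {host} is not usable in {net}")
    return problems

# The plan from the reply: a /24 split into two /25s.
PLAN = {
    "eth0": {"addr": "101.101.101.2/25", "gateway": "101.101.101.1"},
    "eth1": {"addr": "101.101.101.129/25",
             "hosts": ["101.101.101.130", "101.101.101.254"]},
}

if __name__ == "__main__":
    for line in check_plan("101.101.101.0/24", PLAN) or ["plan is consistent"]:
        print(line)
```

Leaving both interfaces on the unsplit /24 makes the same check report an overlap, which is the situation the /25 split avoids.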
