[AusNOG] WatchGuard X550E Configuration Assistance
Daniel Watson
Daniel at glovine.com.au
Tue Apr 29 23:23:03 EST 2014
G'day Mike
Appreciate the response
After further discussions with WatchGuard this evening, exactly as you have said is correct.
Regards
Daniel
Sent from my iPad
On 29 Apr 2014, at 11:16 pm, "Mark Currie" <MCurrie at laserfast.com.au> wrote:
Hi Daniel,
Upfront I will say that personally I'm not a fan of WatchGuard and have not used them for years... but technically normal firewall and IPv4 subnetting theory should apply, i.e., it should be possible on any current business-grade UTM/firewall appliance by subnetting your public IP range and having some of your public range bound on eth0, and some of the range bound to eth1 (DMZ presumably) with the servers, and your private IP on eth3 as a NAT'd interface. Bridge mode would not work as you have more than 2 traffic-bearing interfaces.
For example, just say you have a /24 public IP block of 101.101.101.0/24; you could split it into 2x /25 subnets, which would be 101.101.101.0/25 and 101.101.101.128/25. If your upstream router was, say, 101.101.101.1, you could make eth0 101.101.101.2/25 with a default GW of 101.101.101.1... The DMZ (eth1) interface could then be, say, 101.101.101.129/25 and your servers would have addresses from 101.101.101.130 to 101.101.101.254 with the GW as 101.101.101.129. Eth3 would be NAT'd with your private office network addresses (192.168.x.x?) as per a normal firewall.
Regards,
Mark Currie
From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Daniel Watson
Sent: Tuesday, 29 April 2014 3:28 PM
To: ausnog at lists.ausnog.net; aussag at lists.aussag.net
Subject: [AusNOG] WatchGuard X550E Configuration Assistance
G'day Guys
I have recently acquired a WatchGuard X550E Core Firewall Device which I would like to implement in front of our network in Sydney.
I have never used WatchGuard until today, so I am looking for some guidance from people on-list who might know if what I'm asking is correct.
Ideally I would configure Interface0 with a public IP which will be the uplink back to our router
Ideally I would then configure Interface1 with a public IP which will be downlink to switch where all servers are located
Interface2 would be disabled
Interface3 would be an uplink to switch on VLAN for PRIVATE NETWORK so we can eventually VPN into our private LAN
If anybody who uses WatchGuard can tell me if this is the correct way to go about this, it would be a huge help
TIA
Regards,
Daniel Watson
Network Administrator / Network Operations Manager
E Daniel at GloVine.com.au
W www.GloVine.com.au
--
This email was Virus checked by Sophos UTM 9. http://www.sophos.com
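
The /25 split described in Mark Currie's reply above, checked in code. This is an added example, not part of the original thread; the function name check_plan and the PLAN/BAD_PLAN dictionaries are assumptions, and the addresses are the ones from his message. It also rejects the layout where both public interfaces sit in the same subnet, which a routed (non-bridge) firewall cannot forward between.

```python
import ipaddress

def check_plan(block, interfaces):
    """Validate a routed split of `block` across firewall interfaces.

    interfaces: name -> (interface address in CIDR form, default gateway or None)
    Returns name -> (first, last) address left over for hosts behind that interface.
    Raises ValueError if the plan cannot be routed.
    """
    block = ipaddress.ip_network(block)
    seen, result = [], {}
    for name, (cidr, gw) in interfaces.items():
        iface = ipaddress.ip_interface(cidr)
        net = iface.network
        if not net.subnet_of(block):
            raise ValueError(f"{name}: {net} is outside {block}")
        if iface.ip in (net.network_address, net.broadcast_address):
            raise ValueError(f"{name}: {iface.ip} is not a usable host address")
        for other_name, other in seen:
            # Two routed interfaces in one subnet leave no way to choose an egress port.
            if net.overlaps(other):
                raise ValueError(f"{name} ({net}) overlaps {other_name} ({other})")
        if gw is not None:
            gw = ipaddress.ip_address(gw)
            if gw not in net or gw == iface.ip:
                raise ValueError(f"{name}: gateway {gw} is not reachable on {net}")
        seen.append((name, net))
        taken = {iface.ip, gw}
        free = [h for h in net.hosts() if h not in taken]
        result[name] = (free[0], free[-1])
    return result

# Addressing taken from the message: upstream router .1, eth0 .2/25, DMZ gateway .129/25.
PLAN = {
    "eth0": ("101.101.101.2/25", "101.101.101.1"),
    "eth1": ("101.101.101.129/25", None),
}
# Constructed counter-example: both public interfaces left on the undivided /24.
BAD_PLAN = {
    "eth0": ("101.101.101.2/24", "101.101.101.1"),
    "eth1": ("101.101.101.129/24", None),
}

if __name__ == "__main__":
    for name, (first, last) in check_plan("101.101.101.0/24", PLAN).items():
        print(f"{name}: hosts {first} - {last}")
```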