[AusNOG] WatchGuard X550E Configuration Assistance

Robert Hudson hudrob at gmail.com
Tue Apr 29 23:26:27 EST 2014


Dear David,

That'd be "Mark", not "Mike" I think...

Regards,

Peter.


On 29 April 2014 23:23, Daniel Watson <Daniel at glovine.com.au> wrote:

>  G'day Mike
>
>  Appreciate the response
>
>  After further discussions with WatchGuard this evening, exactly as you
> have said is correct.
>
>  Regards
>
>  Daniel
>
> Sent from my iPad
>
> On 29 Apr 2014, at 11:16 pm, "Mark Currie" <MCurrie at laserfast.com.au>
> wrote:
>
>   Hi Daniel,
>
>
>
> Upfront I will say that personally I’m not a fan of Watchguard and have
> not used them for years....but technically normal firewall and IPv4
> subnetting theory should apply, ie, it should be possible on any current
> business grade UTM/Firewall appliance by subnetting your public IP range
> and have some of your public range bound on eth0, and some of range bound
> to eth1 (DMZ presumably) with the servers, and your private IP on eth3 as a
> NAT’d interface. Bridge mode would not work as  have more than 2 traffic
> bearing interfaces.
>
>
>
> For example just say you have a /24 public IP block of 101.101.101.0/24,
> you could split it into 2x /25 subnets which would be 101.101.101.0/25and
> 101.101.101.128/25, if your upstream router was say 101.101.101.1, you
> could make eth0 101.101.101.2/25 with default GW of 101.101.101.1…The DMZ
> (eth1) interface could then be say 101.101.101.129/25 and your servers
> would have addresses from 101.101.101.130 to 101.101.101.254 with the GW as
> 101.101.101.129. Eth3 would be NAT’d with your private office network
> addresses (192.168.x.x?) as per a normal firewall.
>
>
>
> Regards,
>
> Mark Currie
>
>
>
>
>
> *From:* AusNOG [mailto:ausnog-bounces at lists.ausnog.net<ausnog-bounces at lists.ausnog.net>]
> *On Behalf Of *Daniel Watson
> *Sent:* Tuesday, 29 April 2014 3:28 PM
> *To:* ausnog at lists.ausnog.net; aussag at lists.aussag.net
> *Subject:* [AusNOG] WatchGuard X550E Configuration Assistance
>
>
>
> Gday Guys
>
>
>
> I have recently acquired a Watchguard X550E Core Firewall Device which I
> would like to implement infront of our network in Sydney,
>
>
>
> I have never used Watchguard until today so I am looking for some guidance
> from people on-list whom might know if what I’m asking is correct
>
>
>
> Ideally I would configure Interface0 with a public IP which will be the
> uplink back to our router
>
> Ideally I would then configure Interface1 with a public IP which will be
> downlink to switch were all servers are located
>
> Interface2 would be disabled
>
> Interface3 would be an uplink to switch on VLAN for PRIVATE NETWORK so we
> can eventually VPN into our private LAN
>
>
>
> If anybody whom uses Watchguard can tell me if this is correct way to go
> about this, it would be a huge help
>
>
>
> TIA
>
>
>
>
>
> Regards,
>
> Daniel Watson
>
> Network Administrator / Network Operations Manager
>
>
>
> E Daniel at GloVine.com.au
>
> W www.GloVine.com.au
>
>
>
>
>
> --
>
> This email was Virus checked by Sophos UTM 9. http://www.sophos.com
>
>  --
> This email was Virus checked by Sophos UTM 9. http://www.sophos.com
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140429/7e62a78f/attachment.html>


More information about the AusNOG mailing list