[AusNOG] WatchGuard X550E Configuration Assistance

Daniel Watson Daniel at glovine.com.au
Tue Apr 29 23:30:16 EST 2014


G'day Robert (Peter)

I'd be Daniel not (David)

Apologies to Mark, iPad texting is not the best :D

Daniel

Sent from my iPad

On 29 Apr 2014, at 11:28 pm, "Robert Hudson" <hudrob at gmail.com> wrote:

Dear David,

That'd be "Mark", not "Mike" I think...

Regards,

Peter.


On 29 April 2014 23:23, Daniel Watson <Daniel at glovine.com.au> wrote:
G'day Mike

Appreciate the response

After further discussions with WatchGuard this evening, exactly as you have said is correct.

Regards

Daniel

Sent from my iPad

On 29 Apr 2014, at 11:16 pm, "Mark Currie" <MCurrie at laserfast.com.au> wrote:

Hi Daniel,

Upfront I will say that personally I'm not a fan of WatchGuard and have not used them for years... but technically normal firewall and IPv4 subnetting theory should apply, i.e., it should be possible on any current business-grade UTM/firewall appliance by subnetting your public IP range and having some of your public range bound on eth0, and some of the range bound to eth1 (DMZ presumably) with the servers, and your private IP on eth3 as a NAT'd interface. Bridge mode would not work as you have more than 2 traffic-bearing interfaces.

For example, just say you have a /24 public IP block of 101.101.101.0/24, you could split it into 2x /25 subnets which would be 101.101.101.0/25 and 101.101.101.128/25, if your upstream router was say 101.101.101.1, you could make eth0 101.101.101.2/25 with default GW of 101.101.101.1... The DMZ (eth1) interface could then be say 101.101.101.129/25 and your servers would have addresses from 101.101.101.130 to 101.101.101.254 with the GW as 101.101.101.129. Eth3 would be NAT'd with your private office network addresses (192.168.x.x?) as per a normal firewall.

Regards,
Mark Currie


From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Daniel Watson
Sent: Tuesday, 29 April 2014 3:28 PM
To: ausnog at lists.ausnog.net; aussag at lists.aussag.net
Subject: [AusNOG] WatchGuard X550E Configuration Assistance

G'day Guys

I have recently acquired a WatchGuard X550E Core Firewall Device which I would like to implement in front of our network in Sydney.

I have never used WatchGuard until today so I am looking for some guidance from people on-list who might know if what I'm asking is correct

Ideally I would configure Interface0 with a public IP which will be the uplink back to our router
Ideally I would then configure Interface1 with a public IP which will be downlink to switch where all servers are located
Interface2 would be disabled
Interface3 would be an uplink to switch on VLAN for PRIVATE NETWORK so we can eventually VPN into our private LAN

If anybody who uses WatchGuard can tell me if this is the correct way to go about this, it would be a huge help

TIA


Regards,
Daniel Watson
Network Administrator / Network Operations Manager

E Daniel at GloVine.com.au
W www.GloVine.com.au
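
The /25 split from Mark Currie's reply, worked through as an added example (not code from anyone in the thread, and not WatchGuard configuration). It derives the eth0/eth1 addressing from the block and checks a DMZ server's static settings against it; the function names and the 192.168.1.0/24 private range are assumptions made for illustration.

```python
import ipaddress

def plan_interfaces(public_block, upstream_gw, private_net):
    """Halve the public block: lower half on eth0 (outside), upper half on eth1 (DMZ)."""
    outside, dmz = ipaddress.ip_network(public_block).subnets(prefixlen_diff=1)
    gw = ipaddress.ip_address(upstream_gw)
    if gw not in outside:
        raise ValueError(f"upstream router {gw} is not on-link for eth0 ({outside})")
    private = ipaddress.ip_network(private_net)
    if not private.is_private:
        raise ValueError(f"{private} is not private space; eth3 is meant to be NAT'd")
    dmz_hosts = list(dmz.hosts())
    return {
        "outside": outside, "dmz": dmz, "private": private,
        # firewall takes the first outside address not used by the upstream router
        "eth0": next(h for h in outside.hosts() if h != gw),
        "eth0_gw": gw,
        "eth1": dmz_hosts[0],                       # gateway for the servers
        "servers": (dmz_hosts[1], dmz_hosts[-1]),   # first and last server address
    }

def check_server(plan, iface, gateway):
    """List what is wrong with a DMZ server's static address/mask and gateway."""
    host = ipaddress.ip_interface(iface)
    problems = []
    if host.ip not in plan["dmz"]:
        problems.append(f"{host.ip} is outside the DMZ subnet {plan['dmz']}")
    elif host.network != plan["dmz"]:
        # e.g. a server left on the old /24 mask treats the upstream router as on-link
        problems.append(f"mask /{host.network.prefixlen} should be /{plan['dmz'].prefixlen}")
    if host.ip == plan["eth1"]:
        problems.append("address collides with the firewall's eth1")
    if ipaddress.ip_address(gateway) != plan["eth1"]:
        problems.append(f"gateway should be eth1 ({plan['eth1']}), not {gateway}")
    return problems

if __name__ == "__main__":
    # Addresses are the illustrative ones used in the reply; 192.168.1.0/24 is assumed.
    plan = plan_interfaces("101.101.101.0/24", "101.101.101.1", "192.168.1.0/24")
    print("eth0", plan["eth0"], "via", plan["eth0_gw"], "on", plan["outside"])
    print("eth1", plan["eth1"], "on", plan["dmz"], "servers", *plan["servers"])
    # A server that kept its pre-split /24 mask and old gateway:
    for problem in check_server(plan, "101.101.101.200/24", "101.101.101.1"):
        print("server 101.101.101.200:", problem)
```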




--

This email was Virus checked by Sophos UTM 9. http://www.sophos.com
