Solved

Where to put my firewall

Posted on 2006-07-14
6
320 Views
Last Modified: 2013-11-16
I just got a new firewall "WatchGuard Firebox X700" and this is the first Firewall i have ever seen and used. Yes i am a newbie still. Anyways i am trying to figure out where exactlly where to put it at in my network. The following is how my network is.


Earthlink Netopia 4622 T1 Router "Running Nat" "Numbered IP Address"

48 Port Netgear Gigabit Switch


The T1 router plugs into the Switch and then all the users plug into the switch as well.


Thanks for the help

0
Comment
Question by:hcl1
  • 3
  • 3
6 Comments
 
LVL 10

Assisted Solution

by:naveedb
naveedb earned 500 total points
ID: 17112512
It should go between the T-1 router and Switch. If you want, you can move the NAT functionality to the WatchGuard to avoid duplicate NAT translations.
0
 

Author Comment

by:hcl1
ID: 17112818
Thanks for the feed back.....On my firewall box i have an External port and then Ports 1 Thru 5........ Should i plug in the router in the external and then a cable in port 1 to the switch?



Do you think earthlink will have any problems with takiing NAT off? I know i had major problems when i first got the T1 line becasue they didnt have NAT on our what they called "Numbered IP Address" and they had to go back and change my IP address.
0
 
LVL 10

Accepted Solution

by:
naveedb earned 500 total points
ID: 17113120
Thanks for the feed back.....On my firewall box i have an External port and then Ports 1 Thru 5........ Should i plug in the router in the external and then a cable in port 1 to the switch?

Yes, you will be expandin the ports on your firewall by connecting it to the switch. You may need to cross-over cable if you don't have a port that can connect two switches together MDI/MDIX.

Do you think earthlink will have any problems with takiing NAT off? I know i had major problems when i first got the T1 line becasue they didnt have NAT on our what they called "Numbered IP Address" and they had to go back and change my IP address.
 
I am not sure what the issue was originally. But give it a try, I have used this config few times without any issues. Do you have a single IP Address or a usable subnet of Public IP Addresses. If you have a single IP Address, then you may need to configure the T-1 router in a bridge mode if you disable NAT.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:hcl1
ID: 17113157
Thanks again......Earthlink provides us with a static WAN IP address and then a block of Useable IP address as well. We dont own any of them. Should i still be good?
0
 
LVL 10

Assisted Solution

by:naveedb
naveedb earned 500 total points
ID: 17114061
Yes, you should be fine. Assign one IP address from the block to the WatchGaurd and you should be good to go.
0
 

Author Comment

by:hcl1
ID: 17114931
Thanks for all the info... I am going to give it a try next weekend because i have alot to put together first and plus nobody will be there on the weekend.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
how  to upgrade  to windows 10 56 145
centos kvm host, routing sip/udp to vm - iptables 15 67
TMG 2010 Deployment 3 94
Telnet IP/port - Testing for connectivity question 11 113
Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question