How do I connect a Watchguard 750e and Linksys Wireless N to talk to one another?

Posted on 2007-07-23
Last Modified: 2013-11-16
1. I have two data lines in the SAME location each with a STATIC IP Address, and I have two routers (Watchguard 750e, Linksys 300Mbps 802.11n Wireless N Router)
2. The Watchguard supports a LAN (with AD) and the Linksys is for an ISOLATED internet-only purpose
3. The workstations need to still log in to AD but maintain the Linksys Gateway and DHCP ip allocation.
4. How do I add the Linksys to the LAN Router?  Like a trust??

I do not want the workstations to see the internet through the WAN DNS server, I want to keep them on the Linksys gateway/DHCP however I still want them to log into the LAN Active directory...

Question by:afsanchez001

    Author Comment

    Should I have the LAN DHCP server allocate their addresses?

    And should I simply point their GATEWAY to the Linksys?

    Sounds right to me, except I do not know how to CONNECT the Linksys to the Watchguard Router so that they are on the same network...
    LVL 32

    Expert Comment

    You can configure the devices like this:
    Internet --- Watchguard ----Linksys --- Network

    In this setup the External interface of WG connects to internet; Trusted interface to a switch and then to Linksys or directly to Linksys router [internal or trusted port as external port of Linksys is connected for internet connectivity] as per your need.

    Now both Watchguard and Linksys would be on the same subnet.

    If you now have the machines behind Linksys in different subnet than the trusted interface of WG, you would need to add a route in Watchguard Policy Manager->Network->Routes.

    If the machines behind Linksys are in the same subnet as WG then no need to add a route.

    If you want machines to direct traffic [other than Web] to WG then you would need to add relevant routes in the Linksys router. I would like to bring to your notice that I am not too sure about adding routes on Linksys and if it supports such thing.

    For DHCP if you can configure Linksys as DHCP relay agent you can use your network DHCP Server, however, if you wish Linksys to act as one then it is also fine.

    I would suggest keeping the machines behind Linksys on a different subnet than the subnet of WG; for smooth flow of network traffic; otherwise you would need to configure Linksys to act as a transparent device and not to do any NAT for traffic passing on to WG, for machines behind it.

    Please let me know if you need more details on the setup I listed.

    Thank you.
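
Added example, not part of the original thread: a Python sketch of the routing rule in the comment above, deciding whether the WatchGuard needs a static route for the machines behind the Linksys. The function name, parameter names and all addresses are constructed for illustration.

```python
import ipaddress

def watchguard_route_for(trusted_if, linksys_ip_on_trusted, linksys_lan):
    """Return (destination, next_hop) for the static route the WatchGuard
    needs, or None when the machines behind the Linksys already share the
    trusted subnet. All arguments are hypothetical planning inputs."""
    trusted = ipaddress.ip_interface(trusted_if).network
    lan = ipaddress.ip_network(linksys_lan, strict=True)
    hop = ipaddress.ip_address(linksys_ip_on_trusted)

    if lan == trusted:
        # Same subnet as the WG trusted interface: no route to add.
        return None
    if lan.overlaps(trusted):
        # One range contains the other: the WG would treat some of those
        # hosts as on-link and never forward to the Linksys for them.
        raise ValueError(f"{lan} overlaps trusted subnet {trusted}")
    if hop not in trusted:
        # The next hop must be reachable directly from the trusted interface.
        raise ValueError(f"next hop {hop} is not on {trusted}")
    return (str(lan), str(hop))

if __name__ == "__main__":
    # Constructed addressing plan, not taken from the thread.
    plans = [
        ("192.168.1.1/24", "192.168.1.254", "192.168.2.0/24"),  # different subnet
        ("192.168.1.1/24", "192.168.1.254", "192.168.1.0/24"),  # same subnet
    ]
    for trusted_if, hop, lan in plans:
        route = watchguard_route_for(trusted_if, hop, lan)
        if route is None:
            print(f"{lan}: same subnet as WG, no route needed")
        else:
            print(f"{lan}: add route to {route[0]} via {route[1]}")
```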

    Author Comment

    Hi dpk_wal:

    Your first response is very elegant and sounds close!  

    Does the solution you give support the fact that each router has a unique data line (Ethernet handoff) with separate static IPs?  

    History: The office owner wants to ensure that the Linksys always has internet in the event the WG ever goes down.


    1. They want to be on the WG subnet because the AD/DNS/DHCP server "SERVER001" is on the WG subnet.
    2. They want the Linksys to act as separate Gateway, and a secondary DNS.  

    Your notes show me how to put them on the same subnet but are the configurations I need possible with your solution?

    Our SETUP (with example ip addresses):

           Data line 1
           Internet - (Static IP) - |WatchGuard 750e| (

           (1) SERVER001 - (AD, DHCP, DNS)

                  note: "All three services rolled up in this one box."

           (2) WorkStation1
           (3) WorkStation2
           (4) WorkStation3

           Data line 2
           Internet - (Static IP) - |Linksys 750e|

    If the server "SERVER001" goes down and stops giving out DHCP and DNS, can the workstations still see the Linksys as the Gateway and secondary DNS until "SERVER001" comes back up?

    REASON: This 24/7 (Medical) office cannot have non-internet status, so they paid for a second T1 to be installed.  I just cannot seem to establish the bridge between two data lines on to the same subnet with the configuration I mentioned above.



    LVL 32

    Accepted Solution

    By default any device which gets IP address from a DHCP server would retain that IP address till the lease expires, or a lease is released by force [e.g., ipconfig /release or /renew] or lost [event like machine rebooting]. So if the client machines get IP address from AD [acting as DHCP server] and the lease is valid, they would have access to all resources on the same subnet.

    For DNS, if you configure AD as primary DNS and Linksys as secondary DNS [in the DHCP scope on the AD machine], if the machines are not able to reach primary DNS server they would automatically try reaching out to secondary DNS server.

    If Linksys supports IRDP, then you configure Linksys to have two gateways with different metrics.
    Let's say you want WG internet connection to be primary connection, so you define as gateway 1 with metric 1; and as gateway 2 with metric 2.

    If the Linksys router detects that internet connection to WG is lost, it would automatically route all the traffic to gateway 2; it would start routing traffic back to gateway 1 once it is up.

    Please note in this case all the machines should have default gateway as Linksys router.

    The expectation is, Linksys detects and makes decision whether to route traffic to WG or its own internet link. I am not sure on how to configure Linksys to support IRDP and would not be able to assist you best.

    As you are putting up Linksys only for internet redundancy you can also think of purchasing license for WAN redundancy on WG itself. This way you need not configure anything special on any of the devices and WG itself can switch between the links in case of failure.

    Please let me know if you have any more questions.

    Thank you!

    Author Comment

    Thanks dpk_wal!

    I'll be using your suggestions.


