How do I connect a Watchguard 750e and Linksys Wireless N to talk to one another?

1. I have two data lines in teh SAME location each with a STATIC IP Address, and I have two routers (Watchguard 750e, Linksys 300Mbps 802.11n Wireless N Router)
2. The Watchguard supports a LAN (with AD) and the Linksys is for an ISOLATED internet-only purpose
3. The workstations need to still log in to AD but maintain the Linksys Gateway and DHCP ip allocation.
4. How do I add the Linksys to the LAN Router?  Like a trust??

I do not want the workstations to see the internet through the WAN DNS server, I want to keep them on the Linksys gateway/DHCP however I still want them to log into the LAN Active directory...

Who is Participating?
dpk_walConnect With a Mentor Commented:
By default any device which gets IP address from a DHCP server would retain that IP address till the lease expires, or a lease is released by force [eg,. ipconfig /release or /renew] or lost [event like machine rebooting]. So if the client machines get IP address from AD [acting as DHCP server] and the lease is valid, they would have access to all resources on the same subnet.

For DNS, if you configure AD as primary DNS and Linksys as secondary DNS [in the DHCP scope on the AD machine], if the machines are not able to reach primary DNS server they would automatically try reaching out to secondary DNS server.

If Linksys supports IRDP, then you configure Linksys to have two gateways with different metrics.
Let's say you want WG internet connection to be primary connection, so you define as gateway 1 with metric 1; and as gateway 2 with metric 2.

If the Linksys router detects that internet connection to WG is lost, it would automatically route all the traffic to gateway 2; it would start routing traffic back to gateway 1 once it is up.

Please note in this case all the machines should have default gateway as Linksys router.

The expectation is, Linksys detects and makes decision whether to route traffic to WG or it's own internet link. I am not sure on how to configure Linksys to support IRDP and would not be able to assist you best.

As you are putting up Linksys only for internet redundancy you can also think of purchasing license for WAN redudndancy on WG itself. This way you need not configure anything special on any of the devices and WG itself can switch between the links in case of failure.

Please let me know if you have any more questions.

Thank you!
afsanchez001Author Commented:
Should I have the LAN DHCP server allocate thier addresses?

And should I simply point thier GATEWAY to the Linksys?

Sounds right to me , except I do not know how to CONNECT the Linksys to the Watchguard Router so that they are on the same network...
You can configure the devices like this:
Internet --- Watchguard ----Linksys --- Network

In this setup the External interface of WG connects to internet; Trusted interface to a switch and then to Linksys or directly to Linksys route [internal or trusted port as external port of Linksys is connected for internet connectivity] as per your need.

Now both Watchagurd and Linksys would be on the same subnet.

If you now have the machines behind Linksys in different subnet than the trusted interface of WG, you would need to add a route in Watchguard Policy Manager->Network->Routes.

If the machines behind Linksys are in the same subnet as WG then no need to add a route.

If you want machines to direct traffic [other than Web] to WG then you would need to add relevant routes in the Linksys router. I would like to bring to your notice that I am not too sure about adding routes on Linksys and if it supports such thing.

For DHCP if you can configure Linksys as DHCP relay agent you can use your network DHCP Server, however, if you wish Linksys to act as one then it is also fine.

I would suggest keeping the machines behind linksys on a different subnet than the subnet of WG; for smooth flow of network traffic; otherwise you would need to configure Linksys to act as a tranparent device and not to do any NAT for traffic passing on to WG, for machine behind it.

Please let me know if you need more details on the setup I listed.

Thank you.
afsanchez001Author Commented:
Hi dpk_wal:

Your first response is very elegant and sounds close!  

Does the solution you give support the fact that each router has a unique data line (Ethernet handoff) with separate static IPs?  

History: The office owner wants to ensure that the Linksys always has internet in the event the WG ever goes down.


1. They want to be on the WG subnet because the AD/DNS/DHCP server "SERVER001" is on the WG subnet.
2. They want the Linksys to act as separate Gateway, and a secondary DNS.  

Your notes show me how to put them on the same subnet but are the configurations I need possible with your solution?

Our SETUP (with example ip addresses):

       Data line 1
       Internet - (Static IP) - |WatchGuard 750e| (

       (1) SERVER001 - (AD, DHCP, DNS)

              note: "All three services rolled up in this one box."

       (2) WorkStation1
       (3) WorkStation2
       (4) WorkStation3

       Data line 2
       Internet - (Static IP) - |Linksys 750e|

If the server "SERVER001" goes down and stops giving out DHCP and DNS, can the workstations still see the Linksys as the Gateway and secondary DNS until "SERVER001" comes back up?

REASON: This 24/7 (Medical) office cannot have non-internet status, so they paid for a second T1 to be installed.  I just cannot seem to establish the bridge between two data lines on to the same subnet with the configuration I mentioned above.



afsanchez001Author Commented:
Thanks dpk_wal!

I'll be using your suggestions.


Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.