Solved

Watchguard Firebox II routes from trusted network

Posted on 2007-10-12
Last Modified: 2013-11-16
Hello.  We have two sites connected via VPN.  The remote network is 10.0.0.0/24 and the local network is 172.16.0.0/16.  They are connected via a VPN router and connectivity is good.  There is a WatchGuard Firebox II firewall on the gateway from the 172 Optional network, with a route set up pointing all traffic destined for the 10.0.0.0 network to the VPN router on 172.16.10.10.  All is good so far.
What we wish to do is access the 10.0.0.0 network from the Trusted network (192.168.91.0/24) in the same way, i.e. over the same VPN, but the route only applies to the following Firebox port, i.e. the Optional network:

eth2 gateway to network 10.0.0.0 netmask 255.255.255.0

How can I set up a static route that forwards all packets from the 192.168.91.0/24 trusted network to the 172.16.10.10 router on the optional network?

Many thanks in advance
Pete Walker
Question by: pete9mm

Accepted Solution by: dpk_wal (earned 2000 total points, ID: 20079808)

You already must have a network route for 10.0.0.0/24 with 172.16.10.10 as gateway; I think this should also take care of your 192.168.91.0/24 network traffic destined for 10.0.0.0/24. The only thing is: all the traffic from the optional interface destined for the trusted interface is prevented by default. So adding a specific service or the ANY service should get the traffic to flow. Configure the service as below:
Outgoing Allow From: 192.168.91.0/24 to: 10.0.0.0/24 and
Incoming Allow From: 10.0.0.0/24 to: 192.168.91.0/24

Please implement and update.

Thank you.

Author Comment by: pete9mm (ID: 20080171)

Thank you for your comments dpk_wal.  Unfortunately, adding this Any rule has not helped.  

The monitor shows this when a ping to 10.0.0.2 is executed:  10/15/07 18:22  firewalld[356]:  allow out eth1 60 icmp 20 128 192.168.91.170 10.0.0.2 8 0 (Any-BH)

This may not be relevant, but when tracing the route from the 172 network, and with the Firebox as the gateway, its IP address doesn't show up on the trace, whereas the first hop on the failed trace from the 192 network does show up on the trace.
Additional info:  The VPN router on the 172 network (172.16.10.10) has a static route set to use 172.16.0.11 (the optional Firebox interface) as the gateway for all traffic destined to the 192 network.  The metric is set to 2 and I wanted to check that this is OK.

Thank you
0
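The following is an added worked example, not Firebox configuration or code from any post in this thread. It models the routing and default-deny policy decisions dpk_wal's accepted solution describes, walks the ping from the author's follow-up through the Firebox in both directions, and parses the quoted firewalld log line. Facts taken from the thread: Trusted 192.168.91.0/24, Optional 172.16.0.0/16 with the Firebox optional address 172.16.0.11, the static route 10.0.0.0/24 via the VPN router 172.16.10.10, the route on the VPN router for 192.168.91.0/24 via 172.16.0.11, and the log line itself. Assumptions made here: the Firebox II port mapping (eth1 Trusted, eth2 Optional), the interface names "lan" and "vpn" on the VPN router, the way a policy is represented as allow pairs, and the meaning of the numeric log fields.

```python
"""Route and policy walk-through for the two-site setup in this thread (added example)."""
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

NET = ipaddress.ip_network
IP = ipaddress.ip_address


@dataclass(frozen=True)
class Route:
    dest: ipaddress.IPv4Network
    via: Optional[ipaddress.IPv4Address]  # None = directly connected
    iface: str


# Firebox table: connected networks plus the static route from the question.
# Port mapping eth1 = Trusted, eth2 = Optional is an assumption (standard Firebox II layout).
FIREBOX_ROUTES = [
    Route(NET("192.168.91.0/24"), None, "eth1"),             # Trusted
    Route(NET("172.16.0.0/16"), None, "eth2"),               # Optional
    Route(NET("10.0.0.0/24"), IP("172.16.10.10"), "eth2"),   # remote site via the VPN router
]

# VPN router (172.16.10.10) table from the author's follow-up: the return route for the
# Trusted network points at the Firebox optional address. Interface names are assumed.
VPN_ROUTER_ROUTES = [
    Route(NET("172.16.0.0/16"), None, "lan"),
    Route(NET("10.0.0.0/24"), None, "vpn"),                  # tunnel to the remote site
    Route(NET("192.168.91.0/24"), IP("172.16.0.11"), "lan"),
]

# A policy is a list of (from_net, to_net) allow pairs. Anything crossing between two
# Firebox interfaces that matches no pair is dropped: the default deny dpk_wal refers to.
POLICY_ONE_WAY = [(NET("192.168.91.0/24"), NET("10.0.0.0/24"))]
POLICY_BOTH_WAYS = POLICY_ONE_WAY + [(NET("10.0.0.0/24"), NET("192.168.91.0/24"))]


def lookup(routes, dst):
    """Longest-prefix match; returns the Route or None if there is no route."""
    matches = [r for r in routes if dst in r.dest]
    return max(matches, key=lambda r: r.dest.prefixlen) if matches else None


def next_hop(routes, dst):
    """Address the packet is actually sent to: the gateway, or dst itself if connected."""
    r = lookup(routes, dst)
    if r is None:
        return None
    return r.via if r.via is not None else dst


def firebox_decision(policy, src, dst):
    """Simulate one packet through the Firebox: (ingress_iface, egress_iface, gateway, allowed)."""
    ingress = lookup(FIREBOX_ROUTES, src)
    egress = lookup(FIREBOX_ROUTES, dst)
    if ingress is None or egress is None:
        return (ingress.iface if ingress else None, None, None, False)
    if ingress.iface == egress.iface:
        return (ingress.iface, egress.iface, egress.via, True)  # same segment, not filtered
    allowed = any(src in a and dst in b for a, b in policy)
    return (ingress.iface, egress.iface, egress.via, allowed)


def ping_round_trip(policy, src=IP("192.168.91.170"), dst=IP("10.0.0.2")):
    """Echo request from Trusted to the remote site, then the reply coming back."""
    fwd = firebox_decision(policy, src, dst)
    # The reply only reaches the Firebox if the VPN router has a route back to Trusted;
    # the Firebox then filters it as Optional -> Trusted traffic.
    reply_gw = next_hop(VPN_ROUTER_ROUTES, src)
    rev = firebox_decision(policy, dst, src) if reply_gw is not None else None
    return {
        "forward": {"in": fwd[0], "out": fwd[1], "gateway": str(fwd[2]), "allowed": fwd[3]},
        "return_gateway_on_vpn_router": None if reply_gw is None else str(reply_gw),
        "return": None if rev is None else {"in": rev[0], "out": rev[1], "allowed": rev[3]},
    }


LOG_RE = re.compile(
    r"(?P<date>\S+) (?P<time>\S+)\s+firewalld\[\d+\]:\s+(?P<action>allow|deny) "
    r"(?P<direction>in|out) (?P<iface>\S+) (?P<length>\d+) (?P<proto>\S+) "
    r"(?P<hdrlen>\d+) (?P<ttl>\d+) (?P<src>\S+) (?P<dst>\S+) "
    r"(?P<a>\d+) (?P<b>\d+) \((?P<policy>[^)]+)\)"
)


def parse_firebox_log(line):
    """Parse a Firebox II firewalld traffic line into a dict (None if it does not match).

    Field meanings are an interpretation: 60 = total IP length (a Windows ping is
    20 + 8 + 32 bytes), 20 = IP header length, 128 = TTL, then for ICMP the type and
    code (8/0 = echo request); for TCP/UDP the last two numbers would be the ports.
    """
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    for k in ("length", "hdrlen", "ttl", "a", "b"):
        d[k] = int(d[k])
    return d


if __name__ == "__main__":
    # The quoted log line, copied from the thread, shows the request was allowed out on eth1.
    print(parse_firebox_log("10/15/07 18:22  firewalld[356]:  allow out eth1 60 icmp 20 128 "
                            "192.168.91.170 10.0.0.2 8 0 (Any-BH)"))
    print(ping_round_trip(POLICY_BOTH_WAYS))
```

Running it shows why the log line alone is not enough to declare the rule working: the echo request is allowed out of eth1 and routed to 172.16.10.10 under either policy, but with only the outgoing allow the reply from 10.0.0.2 is dropped on its way from Optional to Trusted, and if the VPN router had no route for 192.168.91.0/24 the reply would never reach the Firebox at all.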

Expert Comment by: dpk_wal (ID: 20083429)

On the router use the router IP instead of FB optional interface IP as gateway for 192.168.91.0/24 network.

Also, in the ANY rule add 172.16.0.0/26 network in addition to 10.0.0.0/24 network and check results.

Please update.

Expert Comment by: dpk_wal (ID: 25778801)

Solution was provided but user comment was needed to check if that worked.

Thank you.