Solved

Multiple Firewalls

Posted on 2007-12-03
5
403 Views
Last Modified: 2013-11-22
We have two firewalls, each one doing VPNs.

Currently the VPNs are all on a Sonicwall firewall and we are going to migrate to a Checkpoint UTM-1 device.

Is it possible for the two to co-exist?  All our servers use the sonicwall as their default gateway, so VPNs created to the Checkpoint do not return any data to the Checkpoint.

How can I have it so that VPNs to either firewall will both allow connections to our network and return the traffic to the relevant VPN connection?

0
Comment
Question by:dtfrancis15
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 21

Expert Comment

by:from_exp
ID: 20396379
for the migration phase you can create route on your sonicwall to redirect all traffic from your servers to VPN via checkpoint ip
0
 
LVL 21

Expert Comment

by:from_exp
ID: 20396449
so it will be like this:
sonicwall local ip 192.168.1.1/24
checkpoint local ip 192.168.1.2/34
computers have ips from 192.168.1.0/24 network and their default gw is 192.168.1.1
your vpns have ips 10.0.0.0/16 network
then you create route on your sonicwall: 10.0.0.0/16 via 192.168.1.2
don't forget to disable all vpn tunnels on sonicwall also
0
 
LVL 32

Expert Comment

by:harbor235
ID: 20396490

This would be easy if the VPNs in question were all LAN to LAN VPNs with unique IP ranges. This way your remote proxy ID (remote network LAN network range) could be routed to the appropriate device based on the remote proxy ID. If this is remote access than there are some additional considerations.

What type of VPNs are we talking about?

harbor235 :}
0
 

Author Comment

by:dtfrancis15
ID: 20397076
All the current VPNs are site-to-site VPNs.  

All remote sites use a 172.168.#.# range (50 sites in total). and Head Office on a standard 192 type range.

We have had no end of trouble with the Checkpoint creating only one way tunnels (except on the last buld last week, but something appears to have screwed that up).

Am I right then to say that we cannot move a couple from one firewall to the other each day easily then?
0
 
LVL 32

Accepted Solution

by:
harbor235 earned 500 total points
ID: 20397431
I think that this is very doable, especially since the VPNs are all site-to-site. This is inline with what exp is saying. So for a remote site lets say 172.168.1.0/24, say you want VPN traffic going out the Checkpoint and 172.168.2.0 to the SoniceWall. Just add a route on your servers pointing that traffic to the CHKPT FW,  and one route to the SonicWAll, remember, the more specific route will win out.

route add 0.0.0.0 mask 0.0.0.0 192.168.1.1
route add 172.168.1.0 mask 255.255.255.0 192.168.1.2
route add 172.168.2.0 mask 255.255.255.0 192.168.1.1

harbor235 ;}
0

Featured Post

Surfing Is Meant To Be Done Outdoors

Featuring its rugged IP67 compliant exterior and delivering broad, fast, and reliable Wi-Fi coverage, the AP322 is the ideal solution for the outdoors. Manage this AP with either a Firebox as a gateway controller, or with the Wi-Fi Cloud for an expanded set of management features

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

These are on the increase and getting more common these days. Users who use the Google search engine may complain of having their search redirected to unwanted sites, regardless of what browser is used. This happens when the system is infected with…
The purpose of this Article is to provide information for a newly released variant of malware – with the assumption that many EE Members will have need of the information. According to “Computerworld”, well over one million web sites have been co…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question