Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Multiple Firewalls

Posted on 2007-12-03
5
402 Views
Last Modified: 2013-11-22
We have two firewalls, each one doing VPNs.

Currently the VPNs are all on a Sonicwall firewall and we are going to migrate to a Checkpoint UTM-1 device.

Is it possible for the two to co-exist?  All our servers use the sonicwall as their default gateway, so VPNs created to the Checkpoint do not return any data to the Checkpoint.

How can I have it so that VPNs to either firewall will both allow connections to our network and return the traffic to the relevant VPN connection?

0
Comment
Question by:dtfrancis15
  • 2
  • 2
5 Comments
 
LVL 21

Expert Comment

by:from_exp
ID: 20396379
for the migration phase you can create route on your sonicwall to redirect all traffic from your servers to VPN via checkpoint ip
0
 
LVL 21

Expert Comment

by:from_exp
ID: 20396449
so it will be like this:
sonicwall local ip 192.168.1.1/24
checkpoint local ip 192.168.1.2/34
computers have ips from 192.168.1.0/24 network and their default gw is 192.168.1.1
your vpns have ips 10.0.0.0/16 network
then you create route on your sonicwall: 10.0.0.0/16 via 192.168.1.2
don't forget to disable all vpn tunnels on sonicwall also
0
 
LVL 32

Expert Comment

by:harbor235
ID: 20396490

This would be easy if the VPNs in question were all LAN to LAN VPNs with unique IP ranges. This way your remote proxy ID (remote network LAN network range) could be routed to the appropriate device based on the remote proxy ID. If this is remote access than there are some additional considerations.

What type of VPNs are we talking about?

harbor235 :}
0
 

Author Comment

by:dtfrancis15
ID: 20397076
All the current VPNs are site-to-site VPNs.  

All remote sites use a 172.168.#.# range (50 sites in total). and Head Office on a standard 192 type range.

We have had no end of trouble with the Checkpoint creating only one way tunnels (except on the last buld last week, but something appears to have screwed that up).

Am I right then to say that we cannot move a couple from one firewall to the other each day easily then?
0
 
LVL 32

Accepted Solution

by:
harbor235 earned 500 total points
ID: 20397431
I think that this is very doable, especially since the VPNs are all site-to-site. This is inline with what exp is saying. So for a remote site lets say 172.168.1.0/24, say you want VPN traffic going out the Checkpoint and 172.168.2.0 to the SoniceWall. Just add a route on your servers pointing that traffic to the CHKPT FW,  and one route to the SonicWAll, remember, the more specific route will win out.

route add 0.0.0.0 mask 0.0.0.0 192.168.1.1
route add 172.168.1.0 mask 255.255.255.0 192.168.1.2
route add 172.168.2.0 mask 255.255.255.0 192.168.1.1

harbor235 ;}
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

PREFACE The purpose of this guide is to provide information to successfully install the MS SQL client tools for the Symantec Endpoint Protection Manager (SEPM) to function properly when installed on Windows 2008. AUDIENCE Information Technology…
We sought a budget ($5,000) firewall solution that would provide all the performance we needed with no single point of failure.  Hosting a SAAS web application in our datacenter, it was critical that we find a way to keep connectivity up and inbound…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question