Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 411
  • Last Modified:

Multiple Firewalls

We have two firewalls, each one doing VPNs.

Currently the VPNs are all on a Sonicwall firewall and we are going to migrate to a Checkpoint UTM-1 device.

Is it possible for the two to co-exist?  All our servers use the sonicwall as their default gateway, so VPNs created to the Checkpoint do not return any data to the Checkpoint.

How can I have it so that VPNs to either firewall will both allow connections to our network and return the traffic to the relevant VPN connection?

0
dtfrancis15
Asked:
dtfrancis15
  • 2
  • 2
1 Solution
 
from_expCommented:
for the migration phase you can create route on your sonicwall to redirect all traffic from your servers to VPN via checkpoint ip
0
 
from_expCommented:
so it will be like this:
sonicwall local ip 192.168.1.1/24
checkpoint local ip 192.168.1.2/34
computers have ips from 192.168.1.0/24 network and their default gw is 192.168.1.1
your vpns have ips 10.0.0.0/16 network
then you create route on your sonicwall: 10.0.0.0/16 via 192.168.1.2
don't forget to disable all vpn tunnels on sonicwall also
0
 
harbor235Commented:

This would be easy if the VPNs in question were all LAN to LAN VPNs with unique IP ranges. This way your remote proxy ID (remote network LAN network range) could be routed to the appropriate device based on the remote proxy ID. If this is remote access than there are some additional considerations.

What type of VPNs are we talking about?

harbor235 :}
0
 
dtfrancis15Author Commented:
All the current VPNs are site-to-site VPNs.  

All remote sites use a 172.168.#.# range (50 sites in total). and Head Office on a standard 192 type range.

We have had no end of trouble with the Checkpoint creating only one way tunnels (except on the last buld last week, but something appears to have screwed that up).

Am I right then to say that we cannot move a couple from one firewall to the other each day easily then?
0
 
harbor235Commented:
I think that this is very doable, especially since the VPNs are all site-to-site. This is inline with what exp is saying. So for a remote site lets say 172.168.1.0/24, say you want VPN traffic going out the Checkpoint and 172.168.2.0 to the SoniceWall. Just add a route on your servers pointing that traffic to the CHKPT FW,  and one route to the SonicWAll, remember, the more specific route will win out.

route add 0.0.0.0 mask 0.0.0.0 192.168.1.1
route add 172.168.1.0 mask 255.255.255.0 192.168.1.2
route add 172.168.2.0 mask 255.255.255.0 192.168.1.1

harbor235 ;}
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

KuppingerCole Reviews AlgoSec in Executive Report

Leading analyst firm, KuppingerCole reviews AlgoSec's Security Policy Management Solution, and the security challenges faced by companies today in their Executive View report.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now