Solved

Multiple Firewalls

Posted on 2007-12-03
Last Modified: 2013-11-22
We have two firewalls, each one doing VPNs.

Currently the VPNs are all on a Sonicwall firewall and we are going to migrate to a Checkpoint UTM-1 device.

Is it possible for the two to co-exist?  All our servers use the sonicwall as their default gateway, so VPNs created to the Checkpoint do not return any data to the Checkpoint.

How can I have it so that VPNs to either firewall will both allow connections to our network and return the traffic to the relevant VPN connection?

Question by:dtfrancis15
5 Comments
 
LVL 21

Expert Comment

by:from_exp
ID: 20396379
For the migration phase you can create a route on your SonicWall to redirect all traffic from your servers to the VPN via the Checkpoint IP.
0
 
LVL 21

Expert Comment

by:from_exp
ID: 20396449
So it will be like this:
SonicWall local IP 192.168.1.1/24
Checkpoint local IP 192.168.1.2/34
Computers have IPs from the 192.168.1.0/24 network and their default gw is 192.168.1.1
Your VPNs have IPs in the 10.0.0.0/16 network
Then you create a route on your SonicWall: 10.0.0.0/16 via 192.168.1.2
Don't forget to disable all VPN tunnels on the SonicWall also
0
 
LVL 32

Expert Comment

by:harbor235
ID: 20396490

This would be easy if the VPNs in question were all LAN-to-LAN VPNs with unique IP ranges. This way your remote proxy ID (remote network LAN network range) could be routed to the appropriate device based on the remote proxy ID. If this is remote access then there are some additional considerations.

What type of VPNs are we talking about?

harbor235 :}
0
 

Author Comment

by:dtfrancis15
ID: 20397076
All the current VPNs are site-to-site VPNs.  

All remote sites use a 172.168.#.# range (50 sites in total), and Head Office is on a standard 192 type range.

We have had no end of trouble with the Checkpoint creating only one-way tunnels (except on the last build last week, but something appears to have screwed that up).

Am I right then to say that we cannot move a couple from one firewall to the other each day easily then?
0
 
LVL 32

Accepted Solution

by:
harbor235 earned 2000 total points
ID: 20397431
I think that this is very doable, especially since the VPNs are all site-to-site. This is in line with what exp is saying. So for a remote site, let's say 172.168.1.0/24, say you want VPN traffic going out the Checkpoint and 172.168.2.0 to the SonicWall. Just add a route on your servers pointing that traffic to the CHKPT FW, and one route to the SonicWall; remember, the more specific route will win out.

route add 0.0.0.0 mask 0.0.0.0 192.168.1.1
route add 172.168.1.0 mask 255.255.255.0 192.168.1.2
route add 172.168.2.0 mask 255.255.255.0 192.168.1.1

harbor235 ;}
0
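
The per-site routing from the accepted answer, as an added example that is not part of the original thread: it parses the posted `route add` lines, applies longest-prefix matching, and reports any site whose return traffic would leave through the firewall that does not hold its tunnel (the one-way symptom described in the question). The gateway addresses and the first two site ranges come from the thread; the migration plan, the third site and all function names are constructed for illustration.

```python
import ipaddress

# Gateways as given in the thread; PLAN is constructed sample data (assumption).
SONICWALL = "192.168.1.1"
CHECKPOINT = "192.168.1.2"
PLAN = {
    "172.168.1.0/24": CHECKPOINT,  # tunnel already moved
    "172.168.2.0/24": SONICWALL,   # tunnel still on the old firewall
    "172.168.3.0/24": CHECKPOINT,  # moved, but no server route added yet
}

def parse_routes(lines):
    """Parse Windows 'route add <net> mask <mask> <gw>' lines into (network, gateway)."""
    routes = []
    for line in lines:
        parts = line.split()
        if len(parts) != 6 or parts[:2] != ["route", "add"] or parts[3] != "mask":
            raise ValueError(f"unrecognised route line: {line!r}")
        # strict=True rejects a destination with host bits set for the given mask
        net = ipaddress.ip_network(f"{parts[2]}/{parts[4]}", strict=True)
        routes.append((net, parts[5]))
    return routes

def next_hop(routes, dest):
    """Longest-prefix match: the most specific route containing dest wins."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, gw) for net, gw in routes if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def asymmetric_sites(routes, plan):
    """Map each site whose return path misses its tunnel firewall to the gateway used."""
    bad = {}
    for cidr, tunnel_fw in plan.items():
        net = ipaddress.ip_network(cidr)
        probe = str(net.network_address + 1)  # one representative host in the site
        used = next_hop(routes, probe)
        if used != tunnel_fw:
            bad[cidr] = used
    return bad

# The three routes posted in the accepted answer.
SERVER_ROUTES = parse_routes([
    "route add 0.0.0.0 mask 0.0.0.0 192.168.1.1",
    "route add 172.168.1.0 mask 255.255.255.0 192.168.1.2",
    "route add 172.168.2.0 mask 255.255.255.0 192.168.1.1",
])

if __name__ == "__main__":
    print(asymmetric_sites(SERVER_ROUTES, PLAN))
```

Running the check before each day's batch of tunnel moves shows which sites still fall through to the default route and therefore return traffic via the old firewall.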


Question has a verified solution.
