Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 408
  • Last Modified:

Multiple Firewalls

We have two firewalls, each one doing VPNs.

Currently the VPNs are all on a Sonicwall firewall and we are going to migrate to a Checkpoint UTM-1 device.

Is it possible for the two to co-exist?  All our servers use the sonicwall as their default gateway, so VPNs created to the Checkpoint do not return any data to the Checkpoint.

How can I have it so that VPNs to either firewall will both allow connections to our network and return the traffic to the relevant VPN connection?

0
dtfrancis15
Asked:
dtfrancis15
  • 2
  • 2
1 Solution
 
from_expCommented:
for the migration phase you can create route on your sonicwall to redirect all traffic from your servers to VPN via checkpoint ip
0
 
from_expCommented:
so it will be like this:
sonicwall local ip 192.168.1.1/24
checkpoint local ip 192.168.1.2/34
computers have ips from 192.168.1.0/24 network and their default gw is 192.168.1.1
your vpns have ips 10.0.0.0/16 network
then you create route on your sonicwall: 10.0.0.0/16 via 192.168.1.2
don't forget to disable all vpn tunnels on sonicwall also
0
 
harbor235Commented:

This would be easy if the VPNs in question were all LAN to LAN VPNs with unique IP ranges. This way your remote proxy ID (remote network LAN network range) could be routed to the appropriate device based on the remote proxy ID. If this is remote access than there are some additional considerations.

What type of VPNs are we talking about?

harbor235 :}
0
 
dtfrancis15Author Commented:
All the current VPNs are site-to-site VPNs.  

All remote sites use a 172.168.#.# range (50 sites in total). and Head Office on a standard 192 type range.

We have had no end of trouble with the Checkpoint creating only one way tunnels (except on the last buld last week, but something appears to have screwed that up).

Am I right then to say that we cannot move a couple from one firewall to the other each day easily then?
0
 
harbor235Commented:
I think that this is very doable, especially since the VPNs are all site-to-site. This is inline with what exp is saying. So for a remote site lets say 172.168.1.0/24, say you want VPN traffic going out the Checkpoint and 172.168.2.0 to the SoniceWall. Just add a route on your servers pointing that traffic to the CHKPT FW,  and one route to the SonicWAll, remember, the more specific route will win out.

route add 0.0.0.0 mask 0.0.0.0 192.168.1.1
route add 172.168.1.0 mask 255.255.255.0 192.168.1.2
route add 172.168.2.0 mask 255.255.255.0 192.168.1.1

harbor235 ;}
0

Featured Post

The Firewall Audit Checklist

Preparing for a firewall audit today is almost impossible.
AlgoSec, together with some of the largest global organizations and auditors, has created a checklist to follow when preparing for your firewall audit. Simplify risk mitigation while staying compliant all of the time!

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now