Solved

Watchguard x750e Configuration Issues

Posted on 2008-10-06
2
637 Views
Last Modified: 2013-11-16
Hi,

We've inhireted a network which uses the IP range 137.121.82.0 /24, we're trying to configure a new x750e using this range as the Trusted network. On the External, we have a /29 subnet of IPs to use.

The current configuration is as follows :

Eth 1 Trusted Interface : 137.121.82.230 /24
Eth 0 External Interface : This is using the PPPOE client and obtaining details via DHCP.

The problem is that traffic is not being routed externally. When configured as follows :

Eth 1 Trusted Interface : 192.168.2.1 /24
Eth 0 External Interface as above, PPPOE with IP via DHCP, traffic is being routed fine.

What could be the issue here?
0
Comment
Question by:SBSNetworks
2 Comments
 
LVL 32

Accepted Solution

by:
dpk_wal earned 500 total points
ID: 22656668
By default the dynamic NAT is only allowed from the private IP ranges, viz.:
10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16

As you have 137.121.82.0 /24 on trusted; you need to go to Policy Manager; Network->NAT; and add 137.121.82.0 /24 to be allowed as:
In Policy Manager; go to Network->NAT; click Dynamic NAT tab; click Add; add entry as:
From: 137.121.82.0 /24; to Any-External

Move up if you wish [doesn't matter]; save settings to firebox. I would like to point out to you a potential problem with this configuration, if on internet there exists some server(s) which is/are running on same IP subnet 137.121.82.0 /24; then you would not be able to access that server when behind firebox.

Please implement and update.

Thank you.
0
 

Author Closing Comment

by:SBSNetworks
ID: 31503514
Many thanks for this, this was exactly what solved the issue, you've been a great help.
0

Featured Post

Register Today - IoT Current and Future Threats

Are you prepared to protect your organization from current and future IoT Threats?  Join our Wi-Fi expert in episode three of our webinar series for a look at the current state of Wi-Fi IoT and what may lie ahead. Register for our live webinar on April 20th at 9 am PDT!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco ASA 1 70
penetration testing -- metasploit / etc ? 2 66
ASE reports it as spam 2 952
ipsec tunnel comme not up 10 124
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question