• Status: Solved

Watchguard 1000 Multiple Networks

I recently got hold of a Watchguard Firebox 1000 to do some testing on before possibly going for one of the newer models, and I was wondering if/how I could set up another network. I currently have it configured for drop-in mode and have had one network working fine; however, now I need to add another network which uses a different gateway, which is where the problem is. If I add the new network as a secondary network, it does not work, as it tries to use the default gateway of the first network.

Is it possible to create a route or something similar to tell the traffic for the secondary network to use the secondary network's gateway?
1 Solution
Please elaborate on where the network exists and on which interface you configured the secondary network; let's say you have a setup as below:

 internet-----router---------[WAN]WG [drop-in mode]--network
                    |-    |- [gw:]

Now if you add 2.1.1.x/24 on external interface then all the packets would go to router using gateway.
OR you can add a network route for with gateway as; no any packets for 2.1.1.x network would go to router.

If you wish to have all packets for to go to a different router altogether, then in the above scenario it would not be possible;
you can configure one of the interfaces on WG with IP and then all packets for would go through that interface to the specified gateway.
Please note that with the FB1000 you are restricted to just one WAN interface, and other ports like trust/optional are fixed; however, in the latest version 10.x you can configure any interface on the device to act as the desired untrust/trust/optional interface.
I would like to mention here that if you plan to purchase the latest FB models, please be aware that not all physical ports available on the device would be usable out of the box; you would need to purchase a license to make all ports work.

Thank you.
talkster5 (Author) commented:
I think I understand that this will not work but just to clarify:

194.x.x.0/24 goes to gateway 194.x.x.1
91.x.x.0/24 goes to gateway 91.x.x.1

So I can't just add a route that 91.x.x.0/24 uses gateway 91.x.x.1?

Well, I am thinking of scrapping the watchguards now and just getting an ASA instead if watchguard are going to require extras as well, even on the latest models.

You are correct; until you have an interface in the same subnet, you cannot specify a gateway using that subnet.

Thank you.
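
The rule stated in the last reply (a route's gateway must sit in a subnet where the firewall itself has an interface address) can be checked mechanically. The following is an added example, not part of the original thread and not WatchGuard code; the interface names and the RFC 5737 documentation addresses are constructed stand-ins for the masked 194.x.x.0/24 and 91.x.x.0/24 networks.

```python
import ipaddress


def egress_interface(gateway, interfaces):
    """Return the interface with an address in the gateway's subnet, or None."""
    gw = ipaddress.ip_address(gateway)
    for name, addresses in interfaces.items():
        for cidr in addresses:
            addr = ipaddress.ip_interface(cidr)
            # The next hop must be another host on a directly connected subnet.
            if gw in addr.network and gw != addr.ip:
                return name
    return None


def validate_routes(interfaces, routes):
    """Map each (destination, gateway) route to its egress interface or None."""
    result = {}
    for destination, gateway in routes:
        ipaddress.ip_network(destination)  # raises ValueError on a malformed prefix
        result[(destination, gateway)] = egress_interface(gateway, interfaces)
    return result


# Constructed sample data (assumed addressing, not taken from the thread).
ROUTES = [
    ("0.0.0.0/0", "198.51.100.1"),       # default route via the first gateway
    ("203.0.113.0/24", "203.0.113.1"),   # second network via its own gateway
]
# Firewall addressed only in the first network.
SINGLE = {"external": ["198.51.100.2/24"]}
# Same firewall after another interface is given an address in the second network.
WITH_SECOND_SUBNET = {
    "external": ["198.51.100.2/24"],
    "optional": ["203.0.113.2/24"],
}

if __name__ == "__main__":
    for label, interfaces in (("single subnet", SINGLE),
                              ("second subnet added", WITH_SECOND_SUBNET)):
        print(label)
        for (dest, gw), iface in validate_routes(interfaces, ROUTES).items():
            status = f"via {iface}" if iface else "rejected: gateway not on-link"
            print(f"  {dest} -> {gw}: {status}")
```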