Watchguard 1000 Multiple Networks

I recently got hold of a Watchguard Firebox 1000 to do some testing on before possibly going for one of the newer models, and I was wondering if/how I could set up another network. I currently have it configured for drop-in mode and have had one network working fine; however, now I need to add another network which uses a different gateway, which is where the problem is. If I add the new network as a secondary network it does not work, as it tries to use the default gateway of the first network.

Is it possible to create a route or something similar to tell the traffic for the secondary network to use the secondary network's gateway?
talkster5 Asked:
dpk_wal Commented:
Please elaborate on where the network exists and on which interface you configured the secondary network; let's say you have a setup as below:


 internet-----router---------[WAN]WG [drop-in mode]--network
                    |-1.1.1.1/24    |-1.1.1.2/24 [gw: 1.1.1.1]
                    |-2.1.1.1/24

Now if you add 2.1.1.x/24 on the external interface, then all the packets would go to the router using the 1.1.1.1 gateway.
OR you can add a network route for 2.1.1.0/24 with gateway 1.1.1.1; now any packets for the 2.1.1.x network would go to the router.


If you wish to have all packets for 2.1.1.1 go to a different router altogether, then in the above scenario it would not be possible;
you can configure one of the interfaces on the WG with the 2.1.1.1 IP and then all packets for 2.1.1.1 would go through that interface to the specified gateway.
Please note that with the FB1000 you are restricted to just one WAN interface, and other ports like trust/optional are fixed; however, in the latest version 10.x you can configure any interface on the device to act as the desired untrust/trust/optional interface.
I would like to mention here that if you plan to purchase the latest FB models, please be aware that not all physical ports available on the device would be usable out of the box; you would need to purchase a license to make all ports work.

Thank you.
talkster5 (Author) Commented:
I think I understand that this will not work but just to clarify:

194.x.x.0/24 goes to gateway 194.x.x.1
91.x.x.0/24 goes to gateway 91.x.x.1

So I can't just add a route that 91.x.x.0/24 uses gateway 91.x.x.1?

Well, I am thinking of scrapping the Watchguards now and just getting an ASA instead if Watchguard are going to require extras as well, even on the latest models.
dpk_wal Commented:
You are correct; until you have an interface in the same subnet, you cannot specify a gateway using that subnet.

Thank you.
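The on-link rule discussed in this thread, as an added example that is not part of the original posts and does not model WatchGuard's own routing code: a generic destination-based route lookup in Python, using the 1.1.1.x/2.1.1.x addresses from the diagram above. The secondary address 2.1.1.2/24, the 203.0.113.10 destination and all function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample data based on the thread's diagram.
DROP_IN = {"external": ["1.1.1.2/24"]}
# Assumption: 2.1.1.2/24 added as a secondary address on the same interface.
WITH_SECONDARY = {"external": ["1.1.1.2/24", "2.1.1.2/24"]}

def on_link_interface(gateway, interfaces):
    """Return the interface that has an address in the gateway's subnet, else None."""
    gw = ipaddress.ip_address(gateway)
    for name, cidrs in interfaces.items():
        if any(gw in ipaddress.ip_interface(c).network for c in cidrs):
            return name
    return None

def next_hop(dst, interfaces, static_routes, default_gw):
    """Destination-based longest-prefix match; the packet's source is never consulted."""
    dst = ipaddress.ip_address(dst)
    best_len, best_hop = -1, None
    # Connected subnets are delivered directly, without a gateway.
    for name, cidrs in interfaces.items():
        for c in cidrs:
            net = ipaddress.ip_interface(c).network
            if dst in net and net.prefixlen > best_len:
                best_len, best_hop = net.prefixlen, "direct:" + name
    # A static route is usable only if its gateway sits on a connected subnet.
    for prefix, gw in static_routes:
        net = ipaddress.ip_network(prefix)
        if on_link_interface(gw, interfaces) is None:
            continue
        if dst in net and net.prefixlen > best_len:
            best_len, best_hop = net.prefixlen, gw
    if best_hop is None and on_link_interface(default_gw, interfaces):
        return default_gw
    return best_hop

if __name__ == "__main__":
    # Route via a gateway in a subnet the device has no address in: ignored.
    print(next_hop("2.1.1.50", DROP_IN, [("2.1.1.0/24", "2.1.1.1")], "1.1.1.1"))
    # With the secondary address the gateway is on-link, but traffic to other
    # destinations still follows the single default gateway.
    print(on_link_interface("2.1.1.1", WITH_SECONDARY))
    print(next_hop("203.0.113.10", WITH_SECONDARY, [], "1.1.1.1"))
```

Because the lookup keys only on the destination, hosts in the secondary subnet still leave through the first network's default gateway unless the device supports some form of source-based routing.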