talkster5

Watchguard 1000 Multiple Networks

I recently got hold of a Watchguard Firebox 1000 to do some testing on before possibly going for one of the newer models, and I was wondering if/how I could set up another network. I currently have it configured for drop-in mode and have had one network working fine; however, now I need to add another network which uses a different gateway, which is where the problem is. If I add the new network as a secondary network, it does not work, as it tries to use the default gateway of the first network.

Is it possible to create a route or something similar to tell the traffic for the secondary network to use the secondary network's gateway?

dpk_wal

Please elaborate on where the network exists and on which interface you configured the secondary network; let's say you have a setup as below:


 internet-----router---------[WAN]WG [drop-in mode]--network
                    |-1.1.1.1/24    |-1.1.1.2/24 [gw: 1.1.1.1]
                    |-2.1.1.1/24

Now if you add 2.1.1.x/24 on external interface then all the packets would go to router using 1.1.1.1 gateway.
OR you can add a network route for 2.1.1.0/24 with gateway as 1.1.1.1; no any packets for 2.1.1.x network would go to router.


If you wish to have all packets for 2.1.1.1 go to a different router altogether, then in the above scenario it would not be possible;
you can configure one of the interfaces on the WG with the 2.1.1.1 IP and then all packets for 2.1.1.1 would go through that interface to the specified gateway.
Please note that with the FB1000 you are restricted to just one WAN interface, and other ports like trust/optional are fixed; however, in the latest version 10.x you can configure any interface on the device to act as the desired untrust/trust/optional interface.
I would like to mention here that if you plan to purchase the latest FB models, please be aware that all physical ports available on the device would not be usable out-of-box; you would need to purchase a license to make all ports work.

Thank you.

talkster5 (ASKER)

I think I understand that this will not work but just to clarify:

194.x.x.0/24 goes to gateway 194.x.x.1
91.x.x.0/24 goes to gateway 91.x.x.1

So I can't just add a route that 91.x.x.0/24 uses gateway 91.x.x.1?

Well, I am thinking of scrapping the Watchguards now and just getting an ASA instead if Watchguard are going to require extras as well, even on the latest models.