• Status: Solved

Routing problem

I have an office with 2 branches A & B connected with each other via fiber optic cable (2MB/2MB) from 1 switch port in branch A to another port on the switch in branch B (bridge mode). Branch A has a DHCP server that serves branches A & B.
LAN: 192.168.100.0 GW: 192.168.100.1
Branch A has a FortiWiFi 60B FW with an internet connection that acts as a gateway for branches A and B. When branch B computers are surfing on the internet they take up all of my fiber optic line (2MB/2MB).
I am buying a new FortiWiFi 80C FW tomorrow and I will replace the FortiWiFi 60B FW with the 80C one and put the FortiWiFi 60B FW in branch B for internet access for branch B users only; this way I can free my fiber optic line.
How can I configure the DHCP server in branch A so that branch B computers have access to branch A computers but reach the internet via the branch B FortiWiFi 60B FW?
Please help!
Asked by: Sharoness
 
joelvp Commented:
Normally you would have to create 2 separate subnets, one for Branch A and one for Branch B. Then in the DHCP server you create 2 different scopes. For this to work, you do need to have a router on both sides or a routing switch (L3 switch). What type of switches are present in the Branch offices?
 
simon_m_ Commented:
Unless you want to go to separate subnets at each site (in which case your switches would need to support L3), you need to somehow tell the PCs at Branch B to use a different default gateway. If you only have a handful of PCs you could run some kind of script that overrides the default gateway:

route add 0.0.0.0 mask 0.0.0.0 192.168.100.x

Where x is the IP address of the Fortinet at site B.

If you have Active Directory and login scripts etc., then you could just put the computers at site B in their own OU and assign the script to that.
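The gateway override described in the comment above, written out as an added example that is not part of the original thread. It also removes the DHCP-supplied default route, which a bare `route add` would leave in place next to the new one. Assumptions: it runs as a computer startup script linked to the Branch B OU (changing routes needs administrative rights), and the Branch B FortiWiFi address, the 192.168.100.x above, is passed in through the hypothetical `-BranchBGateway` parameter.

```powershell
# Added example, not code from the thread.
param(
    # IPv4 address of the Branch B firewall ("192.168.100.x" in the post).
    [Parameter(Mandatory = $true)]
    [System.Net.IPAddress]$BranchBGateway
)

function Get-DefaultRoute {
    # IPv4 routes for 0.0.0.0/0, one per configured default gateway.
    @(Get-WmiObject Win32_IP4RouteTable |
        Where-Object { $_.Destination -eq '0.0.0.0' -and $_.Mask -eq '0.0.0.0' })
}

if ($BranchBGateway.AddressFamily -ne 'InterNetwork') {
    Write-Error 'BranchBGateway must be an IPv4 address.'
    exit 2
}
$gw = $BranchBGateway.IPAddressToString

# Do not remove the working DHCP route if the new gateway is down.
if (-not (Test-Connection -ComputerName $gw -Count 2 -Quiet)) {
    Write-Warning "$gw does not answer; keeping the DHCP default route."
    exit 1
}

$before = @(Get-DefaultRoute)
foreach ($r in $before) {
    if ($r.NextHop -ne $gw) {
        # Delete only the default route that points at another gateway.
        route.exe delete 0.0.0.0 mask 0.0.0.0 $r.NextHop | Out-Null
    }
}
if (-not ($before | Where-Object { $_.NextHop -eq $gw })) {
    route.exe add 0.0.0.0 mask 0.0.0.0 $gw | Out-Null
}

# Verify the result instead of trusting route.exe's output.
$after = @(Get-DefaultRoute)
if ($after.Count -eq 1 -and $after[0].NextHop -eq $gw) {
    Write-Output "Default route is now via $gw."
    exit 0
}
$hops = ($after | ForEach-Object { $_.NextHop }) -join ', '
Write-Warning "Unexpected default routes: $hops"
exit 3
```

Internet traffic from these PCs then leaves through the Branch B firewall, so its policy and logging should match what Branch A enforces. The route is added without `-p`, so it does not survive a reboot and the script has to run at each startup.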
 
Sharoness (Author) Commented:
I have a Layer 2 switch on both sides and I would like to keep the same subnet on both sides if possible. But what is the best way for me to make this work? I have no problem buying layer 3 switches. Is it a better solution than a script?
 
Sharoness (Author) Commented:
P.S. Do I need 2 layer 3 switches on both sides?
 
simon_m_ Commented:
How many users do you have at each site?
 
joelvp Commented:
- You need a layer 3 switch on each site.
- Having separate subnets is in general a better solution, because it also prevents broadcast traffic from crossing the WAN; however, as it requires (a little) more configuration and L3 equipment, there is extra work and money involved. As Simon says, it is important to know how many users there are on each side, to judge if it is worthwhile.
- As you have only 2Mbit of bandwidth over the WAN, instead of buying an L3 switch, you can also get a cheap low-end (old model) router. This would be to save money, but it may be more configuration work.
 
Sharoness (Author) Commented:
In Branch B I have 5 PCs only.
 
joelvp Commented:
OK, don't bother and go for the script solution as suggested by Simon.
 
simon_m_ Commented:
I was going to say if you only have a small number of users then an L3 switch is most probably overkill. I agree that an L3 switch would be better for performance in terms of keeping down broadcasts etc., but you would potentially have to change the way networking is working (like WINS if you've got old stuff etc.).

For just 5 PCs you could even have static IP addresses, and set the IP, default gateway, DNS etc. Remember, if you have an Active Directory server, DNS still needs to point at your main Windows DC.

The downside is if people switch between offices and take their PCs with them, as you will have to make manual changes every time. An L3 switch would make it all automatic.
 
Sharoness (Author) Commented:
OK, I agree that the script is a much simpler step, and also my 5 users are always on the move, they go in and out of Branch B, so I can't use a fixed IP.

But let's say that I would use the Layer 3 switch, I would have to create 2 VLANs, right?
 
simon_m_ Commented:
Hi, couple of points...

1. Even with a script you'll have to move users around in Active Directory, otherwise how will the script realise the users are in site B rather than site A?

2. With the L3 switches you would normally create 2 VLANs. You could get away with just 1 L3 switch, but you'd lose the benefit of keeping down broadcasts etc.; however, with 5 users that isn't really a problem. I've done it with HP switches before: you create the 2nd VLAN, give it an IP address (default gateway for the new VLAN), and enable routing between the 2 VLANs. You would also need to then either set up the Fortinet at site B as a DHCP server, or create an additional DHCP scope at your main site and enable DHCP relay on the L3 switch.

You may be able to use the DMZ port on the Fortinet to somehow link the 2 sites together and have 2 separate subnets.