Solved

Watchguard Firebox how to add a 2nd External interface

Posted on 2011-02-22
8
1,406 Views
Last Modified: 2012-05-11
Hi Firebox Experts

A client has a Firebox X750e. I am a Firebox newbie!

Their ISP has assigned a second range of external IP addresses so that their router has 185.x.x.7/24 and 62.x.x.43/24.
Currently Eth0 [External] on the Firebox has ip 62.x.x.42 as the external interface with 62.x.x.43 as the gateway.
How do I configure the Firebox to ALSO USE 185.x.x.6 as an interface with 185.x.x.7 as a gateway? Detailed instructions would really help :-)
Many thanks
0
Comment
Question by:Winfix1
  • 4
  • 2
8 Comments
 
LVL 32

Accepted Solution

by:
dpk_wal earned 500 total points
ID: 34957740
You have option to use either multi-WAN would be licensed if not currently available; OR add 185.x.x.6 as secondary network on external interface.
The ISP would need to configure the router to forward all packet for 185.x.x.x subnet to 185.x.x.6.

If you go with approach I [multi-WAN] then you get failover option; and can load-balance traffic on both links.
With approach II you only get additional IPs but not redundancy.

For steps using approach II on adding secondary network:
Policy Manager->Network->Configuration; select External and click Configure...; click Secondary; specify 185.x.x.6 IP with relevant mask.
You can now use this IP address in your policy. If you have multiple IPs in 185.x.x.x range, then add all IPs one by one.

For configuring multi-WAN, please read below:
http://watchguard.custhelp.com/app/answers/detail/a_id/1289

Please let know if you need more details.

Thank you.
0
 

Author Comment

by:Winfix1
ID: 34958925
Thanks dpk_wal.

I read some Firebox docs which said that the Secondary IP option was only for adding an IP in the same range as the primary IP? ie sio it has a Primary IP of 62.x.x.42 & secondary IP of 62.x.x.43

Please can you clarify.

Thanks
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 34959322
This is true if you are using an older version of WG software; and applies only to aliases on external interface; with newer software which x750e must be running [i think you would at least be on version 9.x] this should not be a problem.

Thank you.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:Winfix1
ID: 34959425
Thanks. The System manager says X750e running Fireware XTM v11.0. Should that be OK?

0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 34959707
Yes that almost latest; I think 11.4 is...but not 100% sure.

Please implement and update.

Thank you.
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 35186209
A solution has been posted # 34957740; question should not be deleted IMO.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this tutorial I will show you with short command examples how to obtain a packet footprint of all traffic flowing thru your Juniper device running ScreenOS. I do not know the exact firmware requirement, but I think the fprofile command is availab…
I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question