Solved

Watchguard Firebox how to add a 2nd External interface

Posted on 2011-02-22
8
1,444 Views
Last Modified: 2012-05-11
Hi Firebox Experts

A client has a Firebox X750e. I am a Firebox newbie!

Their ISP has assigned a second range of external IP addresses so that their router has 185.x.x.7/24 and 62.x.x.43/24.
Currently Eth0 [External] on the Firebox has ip 62.x.x.42 as the external interface with 62.x.x.43 as the gateway.
How do I configure the Firebox to ALSO USE 185.x.x.6 as an interface with 185.x.x.7 as a gateway? Detailed instructions would really help :-)
Many thanks
0
Comment
Question by:Winfix1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
8 Comments
 
LVL 32

Accepted Solution

by:
dpk_wal earned 500 total points
ID: 34957740
You have option to use either multi-WAN would be licensed if not currently available; OR add 185.x.x.6 as secondary network on external interface.
The ISP would need to configure the router to forward all packet for 185.x.x.x subnet to 185.x.x.6.

If you go with approach I [multi-WAN] then you get failover option; and can load-balance traffic on both links.
With approach II you only get additional IPs but not redundancy.

For steps using approach II on adding secondary network:
Policy Manager->Network->Configuration; select External and click Configure...; click Secondary; specify 185.x.x.6 IP with relevant mask.
You can now use this IP address in your policy. If you have multiple IPs in 185.x.x.x range, then add all IPs one by one.

For configuring multi-WAN, please read below:
http://watchguard.custhelp.com/app/answers/detail/a_id/1289

Please let know if you need more details.

Thank you.
0
 

Author Comment

by:Winfix1
ID: 34958925
Thanks dpk_wal.

I read some Firebox docs which said that the Secondary IP option was only for adding an IP in the same range as the primary IP? ie sio it has a Primary IP of 62.x.x.42 & secondary IP of 62.x.x.43

Please can you clarify.

Thanks
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 34959322
This is true if you are using an older version of WG software; and applies only to aliases on external interface; with newer software which x750e must be running [i think you would at least be on version 9.x] this should not be a problem.

Thank you.
0
Is your NGFW recommended by NSS Labs?

Ours is! NSS Labs Next Generation Firewall Test gives the WatchGuard Firebox M4600 a "Recommended" rating! Curious where your NGFW landed on the  Security Value Map? See the map and download the full report today!

 

Author Comment

by:Winfix1
ID: 34959425
Thanks. The System manager says X750e running Fireware XTM v11.0. Should that be OK?

0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 34959707
Yes that almost latest; I think 11.4 is...but not 100% sure.

Please implement and update.

Thank you.
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 35186209
A solution has been posted # 34957740; question should not be deleted IMO.
0

Featured Post

Retailers - Is your network secure?

With the prevalence of social media & networking tools, for retailers, reputation is critical. Have you considered the impact your network security could have in your customer's experience? Learn more in our Retail Security Resource Kit Today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Optimal Xbox 360 connectivity requires "OPEN NAT". If you use Juniper Netscreen or SSG firewall products in a home setting, the following steps will allow you get rid of the dreaded warning screen below and achieve the best online gaming environment…
Network traffic routing plays key role in your network, if you have single site with heavy browsing or multiple sites, replicating important application data from your Primary Default Gateway ,you have to route your other network traffic from your p…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question