Parallel run two firewall

Posted on 2011-05-04
Last Modified: 2012-06-27

In order to deploy a new firewall for testing, I have the following setup, but somehow I found some problems. Before deploying the new firewall for production, the old firewall is still up and running for daily operations.


WAN Switch
   Port 1 -> int1 interface on new firewall
   Port 2 -> int2 interface on new firewall
   Port 3 -> Cable modem for cable connection (Secondary ISP)
   Port 4 -> ADSL modem for internet connection (Primary ISP)
   Port 5 -> Old firewall 1st WAN port
   Port 6 -> Old firewall 2nd WAN port
   Port 8 -> Uplink to LAN Switch port 16 (Using X-over cable)

LAN Switch

  Port 1 -> LAN interface on new firewall (ip
  Port 2 -> LAN interface on old firewall (ip
  Port 16 -> Uplink to WAN Switch port 8

The ADSL has two sets of public ip addresses assigned, one set for the old firewall and one set for the new firewall. Same for the cable modem, therefore I have separate public ip addresses in my test.
ip is the gateway ip for all production computers
ip is the proposed new gateway ip, which will be assigned to all computers once the test is perfect.

Here is my problem: I found that if I connect it like this, I am not able to ping from the production computer until I disconnect the cable from Port 4 on the WAN switch and connect the ADSL Ethernet port and the old firewall WAN port directly.

What is the problem here? If I am not able to access the gateway, the production computers cannot access the site-to-site VPN back to HQ.
Question by: KANEWONG
    LVL 9

    Assisted Solution

    What is the reason for the unprotected link between the WAN and LAN switches?
    LVL 5

    Accepted Solution

    Hmmm, isn't the setup supposed to be:
    WAN connects to the cable and ADSL modems.
    WAN connects to the untrust zone of both firewalls.
    LAN connects to the trusted port of both firewalls.
    LAN connects to your local LAN.
    LVL 1

    Author Comment

    yes, I shouldn't uplink two switches.
    LVL 9

    Assisted Solution

    Creating an etherloop like that is what is taking down your network, most likely.
    LVL 1

    Author Comment

    I believed so. I reviewed my configuration again, and there is no reason to connect the WAN switch and the LAN switch together.
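The thread's conclusion, that the crossover uplink between the WAN and LAN switches is the fault, can be checked by modelling the cabling as a layer-2 graph. The script below is an added example, not code from the thread or from any product mentioned in it. It takes the port list from the question, treats each switch as one bridging domain and each firewall or modem interface as a non-bridging endpoint (the device names, the `prod_pc` host on LAN switch port 3 and the trusted/untrusted zone labels are assumptions), then reports any broadcast domain in which an ISP modem and a production host meet without a firewall in between, and counts redundant links that would form an Ethernet loop.

```python
"""Model the two-switch topology from the question as an L2 graph and check
(a) whether any untrusted interface (ISP modem) shares a broadcast domain with
a trusted LAN host, i.e. a path that bypasses both firewalls, and
(b) whether any link is redundant, i.e. closes an Ethernet loop.

Switches bridge all their ports into one domain; firewalls and modems are L3
devices, so each of their interfaces is a separate, non-bridging endpoint.
Port numbers follow the question; device names and zone labels are constructed.
"""
from collections import defaultdict

SWITCHES = {"wan_sw", "lan_sw"}
UNTRUSTED = {"cable_modem", "adsl_modem"}  # assumed: the ISP side is untrusted
TRUSTED = {"prod_pc"}                       # assumed: a production computer on the LAN switch

# Links as (device_a, port_a, device_b, port_b), taken from the question's port list.
BASE_LINKS = [
    ("wan_sw", 1, "new_fw", "int1"),
    ("wan_sw", 2, "new_fw", "int2"),
    ("wan_sw", 3, "cable_modem", "eth"),
    ("wan_sw", 4, "adsl_modem", "eth"),
    ("wan_sw", 5, "old_fw", "wan1"),
    ("wan_sw", 6, "old_fw", "wan2"),
    ("lan_sw", 1, "new_fw", "lan"),
    ("lan_sw", 2, "old_fw", "lan"),
    ("lan_sw", 3, "prod_pc", "eth"),        # constructed: where the production PCs hang
]
UPLINK = ("wan_sw", 8, "lan_sw", 16)        # the crossover cable from the question


def l2_node(device, port):
    """A switch is one bridging node; any other device's port is its own node."""
    return device if device in SWITCHES else f"{device}:{port}"


class DisjointSet:
    """Union-find over L2 nodes; nodes in one set share a broadcast domain."""

    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[ra] = rb


def broadcast_domains(links):
    """Return (domains, redundant_links): domains is a list of sets of L2 nodes,
    redundant_links counts links whose ends were already bridged (an L2 loop)."""
    ds = DisjointSet()
    redundant = 0
    for dev_a, port_a, dev_b, port_b in links:
        na, nb = l2_node(dev_a, port_a), l2_node(dev_b, port_b)
        if ds.find(na) == ds.find(nb):
            redundant += 1
        ds.union(na, nb)
    groups = defaultdict(set)
    for node in list(ds.parent):
        groups[ds.find(node)].add(node)
    return list(groups.values()), redundant


def zone_bridges(links):
    """Sorted pairs (untrusted_node, trusted_node) that share a broadcast domain,
    i.e. frames can pass between them without crossing a firewall."""
    domains, _ = broadcast_domains(links)
    bridges = []
    for domain in domains:
        bad = sorted(n for n in domain if n.split(":")[0] in UNTRUSTED)
        good = sorted(n for n in domain if n.split(":")[0] in TRUSTED)
        bridges.extend((u, t) for u in bad for t in good)
    return bridges


def l2_loops(links):
    """Number of redundant switch-to-switch paths (0 means loop-free)."""
    return broadcast_domains(links)[1]


if __name__ == "__main__":
    for label, links in (("without uplink", BASE_LINKS),
                         ("with uplink", BASE_LINKS + [UPLINK])):
        print(f"{label}: zone bridges={zone_bridges(links)}, loops={l2_loops(links)}")
```

With the uplink in place both modems land in the same broadcast domain as the production host, which is the unprotected path the first expert asked about; without it the two firewalls are the only way between the domains. A second switch-to-switch cable would register as a loop. The model ignores spanning tree and VLANs, so it flags the raw cabling, which is what the question describes.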
