[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Parallel run two firewall

Posted on 2011-05-04
5
Medium Priority
?
490 Views
Last Modified: 2012-06-27
Hi;

In order to deploy a new firewall for test, I have the following setup but somehow I found some problem.  Before deploy the new firewall for production, the old firewall still up and running for daily operations.

Setup

WAN Switch
   Port 1 -> int1 interface on new firewall
   Port 2 -> int2 interface on new firewall
   Port 3 -> Cable modem for cable connection (Secondary ISP)
   Port 4 -> ADSL modem for internet connection (Primary ISP)
   Port 5 -> Old firewall 1st WAN port
   Port 6 -> Old firewall 2nd WAN port
   Port 8 -> Uplink to LAN Switch port 16 (Using X-over cable)

LAN Switch

  Port 1 -> LAN interface on new firewall (ip 192.168.0.254)
  Port 2 -> LAN interface on old firewall (ip 192.168.0.1)
  Port 16 -> Uplink to WAN Switch port 8

The ADSL has two sets of public ip address assigned, one set for old firewall and one set for new firewall.  Same as cable modem, therefore I have separate public ip address in my test.
ip 192.168.0.1 is the gateway ip for all production computer
ip 192.168.0.254 is the proposed new gateway ip, will be assigned to all computer once the test is perfect.

Here is my problem, I found that if I connect like this, I am not able to ping 192.168.0.1 from the production computer until I disconnect cable from Port 4 on WAN switch and connect the ADSL Ethernet port and the old firewall WAN port directly.

What is the problem here?  If I am not able to access to 192.168.0.1 gateway, the production computer cannot access site to site vpn back to HQ.
0
Comment
Question by:KANEWONG
  • 2
  • 2
5 Comments
 
LVL 9

Assisted Solution

by:Brian
Brian earned 1200 total points
ID: 35695851
What is the reason for the unprotected link between the WAN and LAN switches?
0
 
LVL 5

Accepted Solution

by:
dr_shivan earned 800 total points
ID: 35696300
Hmmm isn't the setup suppose to be
wan connects to the cable and adsl modem.
wan connects to the untrust zone of both firewall
lan connects to both the trusted port of the firewall.
lan connects to your local lan
0
 
LVL 1

Author Comment

by:KANEWONG
ID: 35698928
yes, I shouldn't uplink two switches.
0
 
LVL 9

Assisted Solution

by:Brian
Brian earned 1200 total points
ID: 35700952
Creating an etherloop like that is what is taking down your network, most likely.
0
 
LVL 1

Author Comment

by:KANEWONG
ID: 35702109
I believed so, I reviewed my configuration again, and there is no reason to connect WAN switch and LAN switch together.
0

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Suggested Courses

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question