WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network. Check out our latest Quarterly Internet Security Report!
Solved
Firewall training lab with layer 3 switch
Posted on 2012-12-26
Hello all,
I would like to set a firewall training lab in my lab environment.
Materials i have ;
2 Fortinet 60C utm device
1 HP 2910al switch
2 PC with 2 Network Card
The Internet gateway will be 172.16.20.1
switch config
============
hostname "utm_lab"
module 1 type J9145A
ip routing >>>>>>>> i have to run this command for inter vlan comm ?
vlan 1
name "DEFAULT_VLAN"
untagged 6-24
no untagged 1-5
no ip address
exit
vlan 10
name "VLAN10"
untagged 1
ip address 10.0.10.254 255.255.255.0
exit
vlan 20
name "VLAN20"
untagged 2
ip address 10.0.20.254 255.255.255.0
exit
vlan 30
name "VLAN30"
untagged 3
ip address 10.0.30.254 255.255.255.0
exit
vlan 40
name "VLAN40"
untagged 4
ip address 10.0.40.254 255.255.255.0
exit
vlan 50
name "VLAN50"
untagged 5
ip address 172.16.20.254 255.255.255.0
exit
ip route 0.0.0.0 0.0.0.0 172.16.20.1 >>> any dest. if dont know the route
UTM 1
======
wan1 : 10.0.10.1/24
wan2 : 10.0.20.1/24
int : 10.0.100.1 / 24
UTM 2
=====
wan1 : 10.0.30.1 /24
wan2 : 10.0.40.1 /24
int : 10.0.200.1 /24
From 10.0.100.254 ( windows2008r2 ) PC i can reach to all vlan (10-50) but can't reach to 172.16.20.1 , what is wrong in this config ? any idea
How can i use my device to create a useful lab area in other way ?
Thanks
I would like to set a firewall training lab in my lab environment.
Materials i have ;
2 Fortinet 60C utm device
1 HP 2910al switch
2 PC with 2 Network Card
The Internet gateway will be 172.16.20.1
switch config
============
hostname "utm_lab"
module 1 type J9145A
ip routing >>>>>>>> i have to run this command for inter vlan comm ?
vlan 1
name "DEFAULT_VLAN"
untagged 6-24
no untagged 1-5
no ip address
exit
vlan 10
name "VLAN10"
untagged 1
ip address 10.0.10.254 255.255.255.0
exit
vlan 20
name "VLAN20"
untagged 2
ip address 10.0.20.254 255.255.255.0
exit
vlan 30
name "VLAN30"
untagged 3
ip address 10.0.30.254 255.255.255.0
exit
vlan 40
name "VLAN40"
untagged 4
ip address 10.0.40.254 255.255.255.0
exit
vlan 50
name "VLAN50"
untagged 5
ip address 172.16.20.254 255.255.255.0
exit
ip route 0.0.0.0 0.0.0.0 172.16.20.1 >>> any dest. if dont know the route
UTM 1
======
wan1 : 10.0.10.1/24
wan2 : 10.0.20.1/24
int : 10.0.100.1 / 24
UTM 2
=====
wan1 : 10.0.30.1 /24
wan2 : 10.0.40.1 /24
int : 10.0.200.1 /24
From 10.0.100.254 ( windows2008r2 ) PC i can reach to all vlan (10-50) but can't reach to 172.16.20.1 , what is wrong in this config ? any idea
How can i use my device to create a useful lab area in other way ?
Thanks
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
4
5 Comments
can you please put your default route like:
ip route 0.0.0.0 0.0.0.0 vlan 50 172.16.20.1
also do you see your gateway ip 172.16.20.1 in arp table ?
ip route 0.0.0.0 0.0.0.0 vlan 50 172.16.20.1
also do you see your gateway ip 172.16.20.1 in arp table ?
I was testing this lab with HP 2620 and wrote <ip routing> command
but i didnt get any vlan interface ip add. on the arp table with this switch.
Then changed it to HP2910al and again write the <ip routing> command and it works now.
I didnt figure out why this lab didnt worked with HP2620 switch.
but i didnt get any vlan interface ip add. on the arp table with this switch.
Then changed it to HP2910al and again write the <ip routing> command and it works now.
I didnt figure out why this lab didnt worked with HP2620 switch.
i have achievement this task with opensource switch :)
http://openvswitch.org/
http://openvswitch.org/
Featured Post
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Every server (virtual or physical) needs a console: and the console can be provided through hardware directly connected, software for remote connections, local connections, through a KVM, etc.
This document explains the different types of consol…
Arrow Electronics was searching for a KVM (Keyboard/Video/Mouse) switch that could display on one single monitor the current status of all units being tested on the rack.
- Networking Hardware-Other
- Switches / Hubs
- Components
- ATEN Technology
- Hardware
- *Kernel-based Virtual Machine (KVM)
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB.
How Percona can help
Percona can help you determine if Percona Server for MongoDB is the right solution for …
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
- Document Management
- Printers and Scanners
- Document Imaging
- Software-Other
- Images and Photos
- Adobe Acrobat, Photos / Graphics Software, Security, *scanning, *PDF
Suggested Courses
Course of the Month9 days, 19 hours left to enroll
609 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.