Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Replacing A Firewall. Keep the same IP for new firewall

Posted on 2013-11-09
2
Medium Priority
?
398 Views
Last Modified: 2013-11-09
I am replacing an existing Fortigate firewall that is currently at 10.1.201.2. I would like the new firewall to have the same ip address as the old firewall.

Before I replaced the old firewall, I verified that I could successfully ping it from a system with the ip address of 192.168.1.100

I configured the new firewall and first connected it directly to a PC with 10.2.201.99 (same subnet) address to verify that I could reach it via ping and via the admin interface of the new firewall so I know the configuration is correct.

I added the new firewall to our network by unplugging the old firewall and connecting the new firewall to the same port on the 3560 switch.

I added the hardware mac address of the new firewall to the 3560 switch using the commands:

configure terminal
mac-address-table static 0013.7233.b6ae vlan 201 interface fastEthernet 0/1
exit

Open in new window


and verified that the mac address was added using:
show mac-address table vlan

Open in new window


(I used Wireshark and ping to verify the mac address of the new firewall).

I can not ping the new firewall at 10.1.201.2 from 192.168.1.100 like I was expecting.

I would expect that If the new firewall is configured to use the same address as the old firewall and I added a static entry for the mac address to the switch that the switch would see the firewall.

Is there anything I am missing here?

Any suggestions?
0
Comment
Question by:Blackhawk_Church
2 Comments
 
LVL 9

Accepted Solution

by:
gt2847c earned 2000 total points
ID: 39636138
Does the new firewall have a route for the 192.168.1.x network?  If it does not, it may be trying to reply to your ping out the wrong interface (default route)...  You may need to add a static route to your new firewall.
0
 

Author Comment

by:Blackhawk_Church
ID: 39636273
That did the trick!! Thanks.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you’re like me and you like peace and quiet, saving money, and pretty lights, then this article is for you. For financial reasons, I buy all the Cisco equipment for my home lab second-hand. The first thing to wear out is usually one of the coo…
Arrow Electronics was searching for a KVM  (Keyboard/Video/Mouse) switch that could display on one single monitor the current status of all units being tested on the rack.
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Integration Management Part 2
Suggested Courses
Course of the Month15 days, 18 hours left to enroll

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question