Solved

WatchGuard - Configuring 2 External Interface IPs for Separated Outbound Traffic

Posted on 2014-04-11
4
624 Views
Last Modified: 2014-04-21
I have a WatchGuard XTM 26-W that is configured with two wireless access points. One is set to bridge to a trusted interface, the other is set to bridge to a separate trusted interface. I already have the first trusted interface working / using the first External interface on the WG, but the second wireless/trusted interface also seems to be using the first External interface. I would like for the second Wireless Access / trusted interface traffic, both inbound and outbound, to flow through the second External interface / IP address.

Is this possible?
0
Comment
Question by:TogaMario
  • 2
4 Comments
 
LVL 6

Accepted Solution

by:
Jon Snyderman earned 250 total points
ID: 39995366
Yes.  You need fireware PRO.  Then you create seperate rules.for the second AP and use policy based routing (PBR) to force the traffic to the second external interface.

~Jon
0
 
LVL 26

Expert Comment

by:skullnobrains
ID: 39995980
you can also specify the interface in the nat rule

http://www.watchguard.com/help/docs/wsm/xtm_11/en-US/index.html#en-US/nat/nat_dynamic_firewall_add_c.html%3FTocPath%3DNetwork%20Address%20Translation%20%28NAT%29|About%20Dynamic%20NAT|_____1

i'd assume the source addresses are not the same so you would configure one NAT rule per subnet with the corresponding interface. watchguard shoud be able to use the proper IP (doc 2 pages below states so)

if your multi-wan setting is correct (or if they are tunnel interfaces) the watchguard should select the proper routes. if not, see here http://www.watchguard.com/help/docs/wsm/xtm_11/en-US/index.html#en-US/multiwan/routing_table_configure_c.html%3FTocPath%3DMulti-WAN|Configure%20Routing%20Table|_____0
0
 

Author Comment

by:TogaMario
ID: 40000873
Thank you for the fast turn-around. I will update as soon as I have access to the system again and am able to test these out.
0
 

Author Closing Comment

by:TogaMario
ID: 40013654
That's exactly what I was looking for. Thanks, Jon
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

This subject  of securing wireless devices conjures up visions of your PC or mobile phone connecting to the Internet through some hotspot at Starbucks. But it is so much more than that. Let’s look at the facts: devices#sthash.eoFY7dic.
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now