Solved

Cisco SG 300 and WatchGuard XTM firewall

Posted on 2014-11-03
Last Modified: 2016-07-16
We have a WatchGuard XTM505 firewall
with IP address 192.168.4.1

and a Cisco SG300 28-port switch with 3 VLANs:
VLAN60-192.168.60.2
VLAN50-192.168.50.2
VLAN40-192.168.40.2

Then how do we provide internet in each VLAN?

Please give your response, it's very urgent.
Question by:Ashish Kumar
Expert Comment

by:btan
ID: 40423043
This EE is similar to your use case, please take a look. Mainly it is using the XTM as the gateway to the internet and the switch to offload internal routing, as you have also. All internet-bound traffic will route through the XTM while internal traffic remains routed within the switch.

e.g. on the WatchGuard I just configured one LAN interface with 172.16.10.10 and put some static routes for my internal subnets to send to the switch, and on the switch got the WG as default route.

http://www.experts-exchange.com/Hardware/Networking_Hardware/Routers/Q_28307078.html

A few points to note from the posting excerpt:
You don’t need all those “ip default-gateway” commands.  Only one will be needed, pointing to the WatchGuard.  That way, any traffic heading to a network that the switch doesn’t know about heads to the WatchGuard.
You also shouldn’t need any routes on the switch.  That, in fact, might be causing your packet loss.  The “ip route” command is used to tell the switch where to send traffic that is bound for networks it wouldn’t know about through other means.  What you are doing with the “ip route” commands you’ve typed in is telling the switch to send all traffic for VLANs 12-15 to the WatchGuard instead of routing it like it should.
It occurs to me that you are doing all your routing on the SG300 switch and not the WatchGuard.  In that case, you shouldn’t need to have an address for each VLAN on your WatchGuard.  What I would do is make another VLAN that the switch and WatchGuard will use to communicate.  The switch should only have that VLAN on the interface that is attached to the WatchGuard, and then you would have to add routes on the WatchGuard for each VLAN pointing to the switch.
My problem of packet loss or complete ping loss was due to the Cisco SG-300 switch not being capable enough to handle our traffic, so we ended up replacing it with a Cisco WS C3750x series switch.
The online help XTM doc can be handy:
http://www.watchguard.com/help/docs/wsm/xtm_11/en-US/index.html#en-US/networksetup/interfaces_config_c.html

Accepted Solution

by:
btan earned 500 total points
ID: 41714497
The use case is covered in the links. Specifically, the working config is shared as an example for reference.

https://www.experts-exchange.com/questions/28307078/Watchguard-VLANs-with-Cisco-SG300.html#a39705589

One single gateway for Internet, and configured for each VLAN to default route to it.
 
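The routing design described in this thread (the switch routes between VLANs and defaults to the firewall; the firewall holds a static route per VLAN pointing back to the switch), as an added example that is not part of the original posts: a longest-prefix-match check showing which VLANs lose their return traffic when the firewall's static routes are missing. The /24 masks, the switch address 192.168.4.2 on the firewall-facing network and the ISP next hop 203.0.113.1 are assumptions.

```python
import ipaddress

# Assumptions (not from the thread): /24 masks, the switch's address on the
# firewall-facing network, and the ISP next hop (documentation range).
FIREWALL = "192.168.4.1"          # from the question
SWITCH_TRANSIT = "192.168.4.2"    # hypothetical
ISP = "203.0.113.1"               # hypothetical
VLANS = ["192.168.40.0/24", "192.168.50.0/24", "192.168.60.0/24"]

def table(routes):
    """Build a route table: list of (network, next_hop) pairs."""
    return [(ipaddress.ip_network(net), hop) for net, hop in routes]

def next_hop(routes, dst):
    """Longest-prefix match; returns the next hop, or None if no route."""
    addr = ipaddress.ip_address(dst)
    hits = [(net.prefixlen, hop) for net, hop in routes if addr in net]
    return max(hits, key=lambda h: h[0])[1] if hits else None

# Switch: VLAN subnets are connected, everything unknown goes to the firewall.
SWITCH = table([(v, "connected") for v in VLANS] +
               [("192.168.4.0/24", "connected"), ("0.0.0.0/0", FIREWALL)])

# Firewall without and with the per-VLAN static routes pointing at the switch.
FW_BASE = [("192.168.4.0/24", "connected"), ("0.0.0.0/0", ISP)]
FW_NO_STATICS = table(FW_BASE)
FW_WITH_STATICS = table(FW_BASE + [(v, SWITCH_TRANSIT) for v in VLANS])

def vlans_without_return_route(fw_routes):
    """VLAN subnets whose reply traffic the firewall would not hand to the switch."""
    bad = []
    for v in VLANS:
        host = str(ipaddress.ip_network(v)[10])   # sample host .10 in the VLAN
        if next_hop(fw_routes, host) != SWITCH_TRANSIT:
            bad.append(v)
    return bad

if __name__ == "__main__":
    print("switch -> 8.8.8.8 via", next_hop(SWITCH, "8.8.8.8"))
    print("no statics, broken VLANs:", vlans_without_return_route(FW_NO_STATICS))
    print("with statics, broken VLANs:", vlans_without_return_route(FW_WITH_STATICS))
```

Without the static routes the firewall sends replies for the VLAN subnets to its own default route, so outbound packets leave but answers never come back to the hosts.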

Expert Comment

by:btan
ID: 41714499
For consideration of ID: 41714497 as solution.