Solved

Cisco SG 300 and WatchGuard XTM firewall

Posted on 2014-11-03
Last Modified: 2016-07-16
We have a WatchGuard XTM505 firewall with IP address 192.168.4.1.

And a Cisco SG300 28-port switch with 3 VLANs:
VLAN60-192.168.60.2
VLAN50-192.168.50.2
VLAN40-192.168.40.2

Then how to provide internet in each VLAN?

Please give your response, it's very urgent.
Question by:Ashish Kumar
LVL 64

Expert Comment

by:btan
ID: 40423043
This EE is similar to your use case, please take a look. Mainly it is using the XTM as the gateway to the internet and the switch to offload internal routing, as you have also. All internet-bound traffic will route through the XTM while internal traffic remains routed within the switch.

E.g. on the WatchGuard I just configured one LAN interface with 172.16.10.10 and put some static routes for my internal subnets to send to the switch, and on the switch got the WG as default route.

http://www.experts-exchange.com/Hardware/Networking_Hardware/Routers/Q_28307078.html

A few points to note from the posting excerpt:

  • You don’t need all those “ip default-gateway” commands. Only one will be needed and pointing to the WatchGuard. That way, any traffic heading to a network that the switch doesn’t know about heads to the WatchGuard.
  • You also shouldn’t need any routes on the switch. That, in fact, might be causing your packet loss. The “ip route” command is used to tell the switch where to send traffic that is bound for networks it wouldn’t know about through other means. What you are doing with the “ip route” commands you’ve typed in is telling the switch to send all traffic for VLANs 12-15 to the WatchGuard instead of routing it like it should.
  • It occurs to me that you are doing all your routing on the SG300 switch and not the WatchGuard. In that case, you shouldn’t need to have an address for each VLAN on your WatchGuard. What I would do is make another VLAN that the switch and WatchGuard will use to communicate. The switch should only have that VLAN on the interface that is attached to the WatchGuard, and then you would have to add routes on the WatchGuard for each VLAN pointing to the switch.
  • My problem of packet loss or complete ping loss was due to the Cisco SG-300 switch not being capable enough to handle our traffic, so we ended up replacing it with a Cisco WS C3750x series switch.

The online XTM help doc can be handy:
http://www.watchguard.com/help/docs/wsm/xtm_11/en-US/index.html#en-US/networksetup/interfaces_config_c.html
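The routing layout described in the comment above, modelled as an added example that is not part of the thread or of either vendor's configuration: a longest-prefix-match walk over constructed routing tables shows why the switch needs only one default route and why the firewall needs a static route back to each VLAN. The /24 masks, the device names `switch` and `firewall`, the host addresses and the 203.0.113.10 destination are assumptions.

```python
import ipaddress

def next_hop(table, dst):
    """Longest-prefix match; returns the next hop for dst, or None if no route."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), hop) for p, hop in table.items()
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(tables, start, dst, limit=8):
    """Walk device to device until the packet is delivered, leaves, or is dropped."""
    path, node = [start], start
    for _ in range(limit):
        hop = next_hop(tables[node], dst)
        path.append(hop)
        if hop not in tables:   # "connected", "internet" or None ends the walk
            break
        node = hop
    return path

# Constructed tables. VLAN subnets and 192.168.4.x come from the question;
# the /24 masks and the device names are assumptions.
VLANS = ["192.168.60.0/24", "192.168.50.0/24", "192.168.40.0/24"]
SWITCH = {**{v: "connected" for v in VLANS},
          "192.168.4.0/24": "connected",   # link to the firewall
          "0.0.0.0/0": "firewall"}         # the single default route
FW_WITH_ROUTES = {**{v: "switch" for v in VLANS},
                  "192.168.4.0/24": "connected", "0.0.0.0/0": "internet"}
FW_NO_ROUTES = {"192.168.4.0/24": "connected", "0.0.0.0/0": "internet"}

GOOD = {"switch": SWITCH, "firewall": FW_WITH_ROUTES}
BAD = {"switch": SWITCH, "firewall": FW_NO_ROUTES}

if __name__ == "__main__":
    print(trace(GOOD, "switch", "203.0.113.10"))     # outbound from a VLAN
    print(trace(GOOD, "switch", "192.168.50.7"))     # VLAN to VLAN
    print(trace(GOOD, "firewall", "192.168.60.25"))  # reply, routes present
    print(trace(BAD, "firewall", "192.168.60.25"))   # reply, routes missing
```

With the static routes missing on the firewall, the reply to a VLAN host follows the firewall's own default route toward the internet instead of returning to the switch, which is the symptom of "no internet in the VLANs".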
 
LVL 64

Accepted Solution

by:
btan earned 2000 total points
ID: 41714497
The use case is covered in the links. Specifically, the working config as an example is shared for reference.

https://www.experts-exchange.com/questions/28307078/Watchguard-VLANs-with-Cisco-SG300.html#a39705589

One single gateway for Internet, and configured for each VLAN to default route to it.
 
LVL 64

Expert Comment

by:btan
ID: 41714499
For consideration of ID: 41714497 as solution.
Question has a verified solution.
