Solved

Cisco SG 300 and WatchGuard XTM firewall

Posted on 2014-11-03
Last Modified: 2016-07-16
We have a WatchGuard XTM505 firewall with IP address 192.168.4.1

And a Cisco SG300 28-port switch with 3 VLANs:
VLAN60-192.168.60.2
VLAN50-192.168.50.2
VLAN40-192.168.40.2

Then how do we provide internet in each VLAN?

Please give your response, it's very urgent.
Question by:Ashish Kumar
 
LVL 63

Expert Comment

by:btan
ID: 40423043
This EE is similar to your use case, please take a look. Mainly it is using the XTM as the gateway to the internet and the switch to offload internal routing, as you have also. All internet-bound traffic will route through the XTM while internal traffic remains routed within the switch.

E.g., on the WatchGuard I just configured one LAN interface with 172.16.10.10 and put some static routes for my internal subnets to send to the switch, and on the switch got the WG as default route.

http://www.experts-exchange.com/Hardware/Networking_Hardware/Routers/Q_28307078.html

A few points to note from the posting excerpt:

You don’t need all those “ip default-gateway” commands. Only one will be needed, pointing to the WatchGuard. That way, any traffic heading to a network that the switch doesn’t know about heads to the WatchGuard.

You also shouldn’t need any routes on the switch. That, in fact, might be causing your packet loss. The “ip route” command is used to tell the switch where to send traffic that is bound for networks it wouldn’t know about through other means. What you are doing with the “ip route” commands you’ve typed in is telling the switch to send all traffic for VLANs 12-15 to the WatchGuard instead of routing it like it should.

It occurs to me that you are doing all your routing on the SG300 switch and not the WatchGuard. In that case, you shouldn’t need to have an address for each VLAN on your WatchGuard. What I would do is make another VLAN that the switch and WatchGuard will use to communicate. The switch should only have that VLAN on the interface that is attached to the WatchGuard, and then you would have to add routes on the WatchGuard for each VLAN pointing to the switch.

My problem of packet loss or complete ping loss was due to the Cisco SG-300 switch not being capable enough to handle our traffic, so we ended up replacing it with a Cisco WS C3750x series switch.

The online XTM help doc can be handy:
http://www.watchguard.com/help/docs/wsm/xtm_11/en-US/index.html#en-US/networksetup/interfaces_config_c.html
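
An added example, not part of the original post or the linked thread: a Python sketch of the routing design described above (switch routes between VLANs and has one default route to the firewall; the firewall has a static route per VLAN pointing back at the switch), showing where replies go when those firewall routes are missing. The /24 masks, the switch address 192.168.4.2 on the firewall-facing network, and the sample hosts 192.168.60.25 and 203.0.113.10 are assumptions.

```python
import ipaddress as ip

# Addresses from the question; the /24 masks and the switch's address on the
# firewall-facing network (192.168.4.2) are assumptions made for this sketch.
FIREWALL = ip.ip_address("192.168.4.1")
SWITCH_TRANSIT = ip.ip_address("192.168.4.2")
TRANSIT_NET = ip.ip_network("192.168.4.0/24")
VLANS = {40: "192.168.40.0/24", 50: "192.168.50.0/24", 60: "192.168.60.0/24"}
DEFAULT = ip.ip_network("0.0.0.0/0")


def switch_routes():
    """Connected VLAN networks plus a single default route to the firewall."""
    table = [(ip.ip_network(n), "connected") for n in VLANS.values()]
    table.append((TRANSIT_NET, "connected"))
    table.append((DEFAULT, str(FIREWALL)))
    return table


def firewall_routes(with_vlan_routes=True):
    """Firewall table: transit network, default out, optional static VLAN routes."""
    table = [(TRANSIT_NET, "connected"), (DEFAULT, "external")]
    if with_vlan_routes:
        table += [(ip.ip_network(n), str(SWITCH_TRANSIT)) for n in VLANS.values()]
    return table


def lookup(table, dst):
    """Longest-prefix match: return the next hop of the most specific route."""
    dst = ip.ip_address(dst)
    matches = [(net, hop) for net, hop in table if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def round_trip(host, remote, fw_table):
    """Next hops used outbound (switch, firewall) and for the reply at the firewall."""
    return {
        "switch_out": lookup(switch_routes(), remote),
        "firewall_out": lookup(fw_table, remote),
        "firewall_reply": lookup(fw_table, host),
    }


if __name__ == "__main__":
    for label, table in (("with VLAN routes", firewall_routes()),
                         ("without VLAN routes", firewall_routes(False))):
        print(label, round_trip("192.168.60.25", "203.0.113.10", table))
```

Without the per-VLAN static routes, the firewall's lookup for the reply falls through to its default route and the traffic never returns to the switch.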
LVL 63

Accepted Solution

by:
btan earned 500 total points
ID: 41714497
The use case is covered in the links. Specifically, the working config is shared as an example for reference.

https://www.experts-exchange.com/questions/28307078/Watchguard-VLANs-with-Cisco-SG300.html#a39705589

One single gateway for Internet, and each VLAN configured to default route to it.
LVL 63

Expert Comment

by:btan
ID: 41714499
For consideration of ID: 41714497 as solution.