Solved

Cisco SG 300 and WatchGuard XTM firewall

Posted on 2014-11-03
Last Modified: 2016-07-16
We have a WatchGuard XTM505 firewall
with IP address 192.168.4.1

And a Cisco SG300 28-port switch with 3 VLANs:
VLAN60-192.168.60.2
VLAN50-192.168.50.2
VLAN40-192.168.40.2

How do we provide Internet access to each VLAN?

Please give your response, it's very urgent.
Question by:Ashish Kumar
5 Comments
 
LVL 62

Expert Comment

by:btan
ID: 40423043
This EE is similar to your use case, please take a look. Mainly it is using the XTM as the gateway to the Internet and the switch to offload internal routing, as you have also. All Internet-bound traffic will route through the XTM while internal traffic remains routed within the switch.

e.g. on the WatchGuard I just configured one LAN interface with 172.16.10.10 and put in some static routes for my internal subnets to send to the switch, and on the switch I have the WG as default route.

http://www.experts-exchange.com/Hardware/Networking_Hardware/Routers/Q_28307078.html

A few points to note from the posting excerpt:
You don’t need all those “ip default-gateway” commands. Only one will be needed, pointing to the WatchGuard. That way, any traffic heading to a network that the switch doesn’t know about heads to the WatchGuard.
You also shouldn’t need any routes on the switch. That, in fact, might be causing your packet loss. The “ip route” command is used to tell the switch where to send traffic that is bound for networks it wouldn’t know about through other means. What you are doing with the “ip route” commands you’ve typed in is telling the switch to send all traffic for VLANs 12-15 to the WatchGuard instead of routing it like it should.
It occurs to me that you are doing all your routing on the SG300 switch and not the WatchGuard. In that case, you shouldn’t need to have an address for each VLAN on your WatchGuard. What I would do is make another VLAN that the switch and WatchGuard will use to communicate. The switch should only have that VLAN on the interface that is attached to the WatchGuard, and then you would have to add routes on the WatchGuard for each VLAN pointing to the switch.
My problem of packet loss or complete ping loss was due to the Cisco SG-300 switch not being capable enough to handle our traffic, so we ended up replacing it with a Cisco WS C3750x series switch.
The online XTM help doc can be handy:
http://www.watchguard.com/help/docs/wsm/xtm_11/en-US/index.html#en-US/networksetup/interfaces_config_c.html
0
 
LVL 62

Accepted Solution

by:
btan earned 500 total points
ID: 41714497
The use case is covered in the links. Specifically, the working config is shared as an example for reference.

https://www.experts-exchange.com/questions/28307078/Watchguard-VLANs-with-Cisco-SG300.html#a39705589

One single gateway for the Internet, configured as the default route for each VLAN.
0
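The routing design described in the accepted solution and the first expert comment, modelled as an added example that is not part of the original posts: the switch default-routes to the firewall, and the firewall needs a static route back to every VLAN via the switch. The /24 masks, the switch address 192.168.4.2 on the firewall-facing network and the test host 203.0.113.10 are assumptions; only the firewall address and VLAN subnets come from the question.

```python
import ipaddress

# Constructed values: the page gives host addresses only, so the /24 masks,
# the switch's transit address and the Internet test host are assumptions.
FIREWALL = "192.168.4.1"        # WatchGuard XTM505 LAN address (from the question)
SWITCH = "192.168.4.2"          # hypothetical SG300 address on the firewall-facing VLAN
INTERNET_HOST = "203.0.113.10"  # documentation-range address standing in for the Internet
VLANS = {40: "192.168.40.0/24", 50: "192.168.50.0/24", 60: "192.168.60.0/24"}

def lookup(routes, dst):
    """Longest-prefix match over {prefix: next_hop}; None when nothing matches."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), hop) for p, hop in routes.items()
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def switch_routes():
    """SG300 in layer-3 mode: connected VLANs plus one default route to the firewall."""
    routes = {net: "connected" for net in VLANS.values()}
    routes["192.168.4.0/24"] = "connected"
    routes["0.0.0.0/0"] = FIREWALL
    return routes

def firewall_routes(static_vlans):
    """XTM: connected LAN, default out the external interface, statics via the switch."""
    routes = {"192.168.4.0/24": "connected", "0.0.0.0/0": "external"}
    routes.update({VLANS[v]: SWITCH for v in static_vlans})
    return routes

def audit(sw, fw):
    """Return {vlan: [problems]} for the outbound and return path of each VLAN."""
    report = {}
    for vlan, net in VLANS.items():
        host = str(next(ipaddress.ip_network(net).hosts()) + 9)  # the .10 host in the VLAN
        problems = []
        if lookup(sw, INTERNET_HOST) != FIREWALL:
            problems.append("switch does not default-route Internet traffic to the firewall")
        if lookup(sw, host) != "connected":
            problems.append("switch sends local VLAN traffic off-box instead of routing it")
        if lookup(fw, host) != SWITCH:
            problems.append("firewall has no route back to this VLAN via the switch")
        report[vlan] = problems
    return report

if __name__ == "__main__":
    for vlan, problems in audit(switch_routes(), firewall_routes([40, 50])).items():
        print(f"VLAN{vlan}: {'OK' if not problems else '; '.join(problems)}")
```

With the static route for VLAN60 left out, the firewall's lookup for a VLAN60 host falls through to its default route, so replies leave by the external interface instead of returning to the switch.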
 
LVL 62

Expert Comment

by:btan
ID: 41714499
For consideration of ID: 41714497 as solution.
0

Question has a verified solution.
