Solved

Cisco SG 300 and WatchGuard XTM firewall

Posted on 2014-11-03
Last Modified: 2016-07-16
We have a WatchGuard XTM505 firewall with IP address 192.168.4.1,
and a Cisco SG300 28-port switch with 3 VLANs:
VLAN60-192.168.60.2
VLAN50-192.168.50.2
VLAN40-192.168.40.2

How do we provide internet in each VLAN?

Please give your response; it's very urgent.
Question by:Ashish Kumar

Expert Comment

by:btan
ID: 40423043
This EE question is similar to your use case, please take a look. Mainly it uses the XTM as the gateway to the internet and the switch to offload internal routing, as you have also. All internet-bound traffic will route through the XTM while internal traffic remains routed within the switch.

E.g. on the WatchGuard I just configured one LAN interface with 172.16.10.10 and put in some static routes for my internal subnets to send to the switch, and on the switch I have the WG as default route.

http://www.experts-exchange.com/Hardware/Networking_Hardware/Routers/Q_28307078.html

A few points to note from the posting excerpt:
You don’t need all those “ip default-gateway” commands.  Only one will be needed, pointing to the WatchGuard.  That way, any traffic heading to a network that the switch doesn’t know about heads to the WatchGuard.
You also shouldn’t need any routes on the switch.  That, in fact, might be causing your packet loss.  The “ip route” command is used to tell the switch where to send traffic that is bound for networks it wouldn’t know about through other means.  What you are doing with the “ip route” commands you’ve typed in is telling the switch to send all traffic for VLANs 12-15 to the WatchGuard instead of routing it like it should.
It occurs to me that you are doing all your routing on the SG300 switch and not the WatchGuard.  In that case, you shouldn’t need to have an address for each VLAN on your WatchGuard.  What I would do is make another VLAN that the switch and WatchGuard will use to communicate.  The switch should only have that VLAN on the interface that is attached to the WatchGuard, and then you would have to add routes on the WatchGuard for each VLAN pointing to the switch.
My problem of packet loss or complete ping loss was due to the Cisco SG-300 switch not being capable enough to handle our traffic, so we ended up replacing it with a Cisco WS C3750x series switch.
The online XTM help doc can be handy:
http://www.watchguard.com/help/docs/wsm/xtm_11/en-US/index.html#en-US/networksetup/interfaces_config_c.html
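
The routing split described in the comment above, modelled as an added example that is not part of the original thread: the switch routes between VLANs and sends everything else to the firewall, and the firewall needs one static route per VLAN subnet to return replies. The /24 masks, the switch uplink address 192.168.4.2, the host addresses and the remote address 203.0.113.5 are assumptions made for the illustration.

```python
import ipaddress

# Firewall address and VLAN networks come from the question; the switch's
# address on the firewall-facing network and the /24 masks are assumptions.
FIREWALL_LAN = "192.168.4.1"
SWITCH_UPLINK = "192.168.4.2"
VLAN_SUBNETS = ["192.168.40.0/24", "192.168.50.0/24", "192.168.60.0/24"]


def lookup(table, dst):
    """Longest-prefix match: return the next hop for dst, or None."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), hop) for p, hop in table
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def switch_table():
    # Connected VLANs are routed locally; one default route points at the firewall.
    table = [(net, "connected") for net in VLAN_SUBNETS]
    table.append(("192.168.4.0/24", "connected"))
    table.append(("0.0.0.0/0", FIREWALL_LAN))
    return table


def firewall_table(with_vlan_routes):
    table = [("192.168.4.0/24", "connected"), ("0.0.0.0/0", "external")]
    if with_vlan_routes:
        # One static route per VLAN subnet, next hop = the switch.
        table += [(net, SWITCH_UPLINK) for net in VLAN_SUBNETS]
    return table


def round_trip(host, remote, with_vlan_routes):
    """True if host -> remote leaves via the firewall and the reply is sent back to the switch."""
    outbound = lookup(switch_table(), remote) == FIREWALL_LAN
    reply_hop = lookup(firewall_table(with_vlan_routes), host)
    return outbound and reply_hop == SWITCH_UPLINK


if __name__ == "__main__":
    for routes in (False, True):
        for host in ("192.168.40.10", "192.168.50.10", "192.168.60.10"):
            ok = round_trip(host, "203.0.113.5", routes)
            print(f"firewall static routes={routes} host={host} reply returns={ok}")
```

Without the per-VLAN static routes the firewall's only match for a VLAN host is its own default route, so replies are sent out the external interface instead of back to the switch.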

Accepted Solution

by:
btan earned 500 total points
ID: 41714497
The use case is covered in the links. Specifically, the working config is shared as an example for reference.

https://www.experts-exchange.com/questions/28307078/Watchguard-VLANs-with-Cisco-SG300.html#a39705589

One single gateway for Internet, configured for each VLAN to default-route to it.

Expert Comment

by:btan
ID: 41714499
For consideration of ID: 41714497 as solution.