Dell Layer 3 switch - cant change out Firewall/Gateway

I am working on removing a Watchguard firewall that is acting as a default gateway & firewall for a network.  It is getting replaced by a Cyberoam firewall.  

I am unable to gain access to the WatchGuard's GUI/CLI as the person who supported this network before me is unwilling to give any of the credentials to the network owner or me.

Here is what I know for certain:

The WatchGuards IP is 10.1.0.254
It acts as the default gateway for all devices on all the VLANS, without it there is no internet connectivity
I believe its mask is /25 (judging by how one of the VLANs is setup)
The layer 3 switches have a default route of 0.0.0.0/0 via 10.1.0.254
The WatchGuard receives the incoming WAN connection via a bridged ISP cable modem
From the WatchGuard the next hop is a Dell Layer 3 switch's Gigabit "Stack" port


Here is the problem:

I configured the cyberoam's WAN interface to work with the public IP range which I have confirmed with the ISP.  I configured the cyberoams LAN interface to be 10.1.0.254 /25.  I removed the WatchGuard and put the Cyberoam in its place.  At this point, the Cyberoam (with its 10.1.0.254 LAN interface) does not show up on the network.  Ping'ing 10.1.0.254 from a workstation yields nothing.  Pinging it from a L2 switch yields nothing.  If I plug my laptop directly into the Cyberoams LAN port and configure my laptop to use it as my gateway I am able to A) ping the cyberoam and B) get out to the internet.  The issue appears to be with the next hop (the Dell L3 switch).  

Putting the WatchGuard back in place and powering it on restores connectivity.  I have triple checked the gateway settings on the workstations, switches and the Cyberoam.  I have manipulated settings on the cyberoam and the Dell L3 switch where possible, but I have been unable to resolve this.  

I am assuming there is a setting/config in the L3 switch that I am not considering that is killing the incoming connection.  Does anyone have any ideas?
LVL 1
ntobinAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Aaron TomoskySD-WAN SimplifiedCommented:
What ip addresses do workstations get? If they are not in that subnet, they have a different gateway. Each subnet/vlan will have its own gateway in that vlan.
0
ntobinAuthor Commented:
My logic was that the current firewall has an IP address of 10.1.0.254 /25 in VLAN 999, so I thought I could configure the new firewall with identical settings and have it "plug + Play" essentially.  

Is this not how it should work?
0
Aaron TomoskySD-WAN SimplifiedCommented:
It's part of how it should work. You need to identify ALL the subnets and gateway addresses for all the interfaces on the router. To exit a subnet, you go out the gateway for that subnet.
0
How do you know if your security is working?

Protecting your business doesn’t have to mean sifting through endless alerts and notifications. With WatchGuard Total Security Suite, you can feel confident that your business is secure, meaning you can get back to the things that have been sitting on your to-do list.

Dale McKayGlobal Principal ArchitectCommented:
Please post the Dell switch config
0
ntobinAuthor Commented:
Sorry for letting this hit the back burner, but we figured out what resolved this issue with the support of the firewall vendor.  
On a normal config we do not need to explicitly setup a static route , but because we have more than one vlan in this setup the firewall needed a static route that summarized all the subnets.  

So putting a static route of 10.0.0.0 /8 in the firewall resolved this.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ntobinAuthor Commented:
Vendor resolved issue
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Network Management

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.