Solved

Dell Layer 3 switch - cant change out Firewall/Gateway

Posted on 2014-11-12
6
143 Views
Last Modified: 2016-11-23
I am working on removing a Watchguard firewall that is acting as a default gateway & firewall for a network.  It is getting replaced by a Cyberoam firewall.  

I am unable to gain access to the WatchGuard's GUI/CLI as the person who supported this network before me is unwilling to give any of the credentials to the network owner or me.

Here is what I know for certain:

The WatchGuards IP is 10.1.0.254
It acts as the default gateway for all devices on all the VLANS, without it there is no internet connectivity
I believe its mask is /25 (judging by how one of the VLANs is setup)
The layer 3 switches have a default route of 0.0.0.0/0 via 10.1.0.254
The WatchGuard receives the incoming WAN connection via a bridged ISP cable modem
From the WatchGuard the next hop is a Dell Layer 3 switch's Gigabit "Stack" port


Here is the problem:

I configured the cyberoam's WAN interface to work with the public IP range which I have confirmed with the ISP.  I configured the cyberoams LAN interface to be 10.1.0.254 /25.  I removed the WatchGuard and put the Cyberoam in its place.  At this point, the Cyberoam (with its 10.1.0.254 LAN interface) does not show up on the network.  Ping'ing 10.1.0.254 from a workstation yields nothing.  Pinging it from a L2 switch yields nothing.  If I plug my laptop directly into the Cyberoams LAN port and configure my laptop to use it as my gateway I am able to A) ping the cyberoam and B) get out to the internet.  The issue appears to be with the next hop (the Dell L3 switch).  

Putting the WatchGuard back in place and powering it on restores connectivity.  I have triple checked the gateway settings on the workstations, switches and the Cyberoam.  I have manipulated settings on the cyberoam and the Dell L3 switch where possible, but I have been unable to resolve this.  

I am assuming there is a setting/config in the L3 switch that I am not considering that is killing the incoming connection.  Does anyone have any ideas?
0
Comment
Question by:ntobin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 39

Expert Comment

by:Aaron Tomosky
ID: 40439346
What ip addresses do workstations get? If they are not in that subnet, they have a different gateway. Each subnet/vlan will have its own gateway in that vlan.
0
 
LVL 1

Author Comment

by:ntobin
ID: 40439768
My logic was that the current firewall has an IP address of 10.1.0.254 /25 in VLAN 999, so I thought I could configure the new firewall with identical settings and have it "plug + Play" essentially.  

Is this not how it should work?
0
 
LVL 39

Expert Comment

by:Aaron Tomosky
ID: 40440198
It's part of how it should work. You need to identify ALL the subnets and gateway addresses for all the interfaces on the router. To exit a subnet, you go out the gateway for that subnet.
0
Major Incident Management Communications

Major incidents and IT service outages cost companies millions. Often the solution to minimizing damage is automated communication. Find out more in our Major Incident Management Communications infographic.

 
LVL 1

Expert Comment

by:Dale McKay
ID: 40444894
Please post the Dell switch config
0
 
LVL 1

Accepted Solution

by:
ntobin earned 0 total points
ID: 40457868
Sorry for letting this hit the back burner, but we figured out what resolved this issue with the support of the firewall vendor.  
On a normal config we do not need to explicitly setup a static route , but because we have more than one vlan in this setup the firewall needed a static route that summarized all the subnets.  

So putting a static route of 10.0.0.0 /8 in the firewall resolved this.
0
 
LVL 1

Author Closing Comment

by:ntobin
ID: 40807601
Vendor resolved issue
0

Featured Post

[Webinar] Code, Load, and Grow

Managing multiple websites, servers, applications, and security on a daily basis? Join us for a webinar on May 25th to learn how to simplify administration and management of virtual hosts for IT admins, create a secure environment, and deploy code more effectively and frequently.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Centos 6.5 Install On VMware Workstation 12 Problem 46 161
Performance monitors 6 71
software inventory tools 3 90
Perc RAID Controller Poweredge T110 3 104
I was at a customer and we recently set up a new DNS Server.  I asked him to ensure that all servers pointed to the new server.  140 remote servers – estimated 6 days of work to do this manually. Ever had this experience and just need to get the …
Transparency shows that a company is the kind of business that it wants people to think it is.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question