YaYangTeah

Firewall to link two companies

I have a mission to implement a firewall to link two companies on different floors, the 1st floor and the 5th floor. Both companies have their own network and internet gateway. The 1st floor gateway is 192.168.100.1 and the 5th floor gateway is 192.168.1.1. Our mission is to use the firewall to link the company networks together without major changes at the client site, and both networks should be interlinked. I have already drafted the before and after diagrams. I believe that with my design the 192.168.1.0/network should be able to connect to the 192.16.100.0/24 network because all the clients' gateway is 192.168.1.1, but on the 1st floor all the clients' gateway is 192.168.100.1, so they may not be able to connect to 192.168.1.0/24. Please advise how to overcome this issue.
Before-firewall-implementation.jpg
After-firewall-implementation.jpg
Hardware Firewalls, Networking, IT Administration

Last Comment
MarcusSjogren

8/22/2022 - Mon
Salah Eddine ELMRABET

Hi,

Have both companies merged? Why do you need to use a firewall? It's possible to connect both networks together.

Regards.

Salah
YaYangTeah

ASKER
I think, Salah, you are the person who advised me on another topic. You are welcome again to give me advice. Yes, the companies have merged, but the customer would also like to control the traffic.
Salah Eddine ELMRABET

Hi,

Which customer and which traffic?

RB

Salah
YaYangTeah

ASKER
Both
Salah Eddine ELMRABET

Hi,

There are a lot of options:

Do they want to keep both internet accesses, or just one to decrease the Internet cost?

Do they want to use one domain and merge the servers, or keep each company using their old domains?

Please share more details about your merging plan.

Regards.

Salah
YaYangTeah

ASKER
They still want to keep their own Internet. The plan I already stated above. Thanks
YaYangTeah

ASKER
I forgot to mention about the domain, because both companies also don't have a domain controller.
Salah Eddine ELMRABET

What about IP address attribution: is it configured statically or using a DHCP server?
ASKER CERTIFIED SOLUTION
MarcusSjogren

YaYangTeah

ASKER
192.168.100.0/24 is using Windows Server DHCP and 192.168.1.0/24 is using the DHCP server in the router. Basically I will not change their DHCP, and in the firewall I will turn off DHCP.
MarcusSjogren

Hi,

DHCP is irrelevant as long as the hosts are using the .1 addresses as gateway, but you have to tell the router 100.1 that 192.168.1.0/24 is available via 192.168.100.2.
YaYangTeah

ASKER
Where do I tell the router 100.1 that 192.168.1.0/24 is available via 192.168.100.2? Is it in 192.168.100.1, then create the static route?
MarcusSjogren

Yes - create a static route in 192.168.100.1
YaYangTeah

ASKER
If a static route cannot be added in the 100.1 router, may I know what the alternative solution is? If I just add another gateway on the NIC, can that work?
MarcusSjogren

Hi,

No, that is definitely not a good solution. What unit (manufacturer + model) is 192.168.100.1?
YaYangTeah

ASKER
Thanks, MarcusSjogren. I just finished the project; there was no problem adding the static route in router 192.168.100.1.
In the beginning, when I configured the firewall, I defined 192.168.100.0 as LAN2 and 192.168.1.0 as LAN1, then I configured the policy to allow any LAN1 to LAN2. I tried to ping directly from the firewall and there was no problem; I was able to reach all the nodes in 192.168.100.0.
But when I tested the connection from my PC, trying to reach 192.168.100.0 failed. After that I tried enabling NAT in the policy, and then it worked. Please advise why NAT needs to be enabled for traffic to flow from 192.168.1.0 to 192.168.100.0. Thanks
MarcusSjogren

Hi,

I am not sure why that is and I don't know what brand the firewall is and I don't know where you had to enable the NAT.

The only explanation I can come up with is that one of the devices did not have a route to the other network.

NAT translates the source IP to the IP of the egress interface (usually) and then no routing is needed.

Please post the routing tables of both units; then maybe I can get a better view.
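
The return-path behaviour discussed in this thread can be traced with a small routing-table model. This is an added example, not code or configuration from any poster; the PC address 192.168.1.50, the `ISP` next hop and all function names are assumptions, while 192.168.100.1, 192.168.100.2 and the two /24 networks come from the thread.

```python
import ipaddress

FIREWALL_LAN2 = "192.168.100.2"  # firewall address on the 1st-floor LAN (from the thread)
ROUTER_1F = "192.168.100.1"      # existing 1st-floor gateway (from the thread)

def net(cidr):
    return ipaddress.ip_network(cidr)

def lookup(table, dst):
    """Longest-prefix match: return the next hop for dst ('on-link' = same LAN)."""
    addr = ipaddress.ip_address(dst)
    matches = [(n, hop) for n, hop in table if addr in n]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def host_table():
    # A 1st-floor client: its own LAN plus a default route to 192.168.100.1.
    return [(net("192.168.100.0/24"), "on-link"), (net("0.0.0.0/0"), ROUTER_1F)]

def router_table(static_route):
    # The 1st-floor router; "ISP" is a hypothetical upstream next hop.
    table = [(net("192.168.100.0/24"), "on-link"), (net("0.0.0.0/0"), "ISP")]
    if static_route:
        table.append((net("192.168.1.0/24"), FIREWALL_LAN2))
    return table

def reply_path(pc_ip, nat, static_route):
    """Hops taken by a 1st-floor host's reply to the source address it saw."""
    # With source NAT on the firewall policy the host sees 192.168.100.2,
    # otherwise it sees the 5th-floor PC's real address.
    seen_src = FIREWALL_LAN2 if nat else pc_ip
    path = ["host"]
    if lookup(host_table(), seen_src) == "on-link":
        path.append("firewall")  # delivered directly on the 1st-floor LAN
        return path
    path.append("router")
    hop = lookup(router_table(static_route), seen_src)
    path.append("firewall" if hop == FIREWALL_LAN2 else hop)
    return path

def reply_reaches_firewall(pc_ip, nat, static_route):
    return reply_path(pc_ip, nat, static_route)[-1] == "firewall"

if __name__ == "__main__":
    pc = "192.168.1.50"  # constructed 5th-floor client address
    for nat in (False, True):
        for static in (False, True):
            print(f"nat={nat} static_route={static}:", " -> ".join(reply_path(pc, nat, static)))
```

A ping sourced from the firewall itself behaves like the NAT case, because its source address 192.168.100.2 is on-link for the 1st-floor hosts.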