Watchguard - SG300 Vlans issue

Last Modified: 2019-05-02
Hi all,

I face an issue with a WatchGuard firewall and a Cisco SG300 switch. I have 4 WatchGuard interfaces as VLANs 1, 20, 30, 40 and I cannot make the SG switch work. In the switch, I have the VLANs 1, 20, 30, 40, and the three switch ports already connected to the WatchGuard are members of the appropriate VLANs (20, 30, 40).

Switch port 1 is untagged in VLAN 1 and the connection is OK. For the three VLANs 20, 30, 40, the switch ports are Access type, in VLAN 20, 30, 40 respectively.

The result is that the VLANs 20, 30, 40 are not working.

Can anybody tell me the right SG300 switch port modes for the VLANs 20, 30, 40?

Coolie Sheppard, Systems Engineer

So you have 4 separate interfaces, each with its own IP gateway?

On the switch, VLAN 1 works (I'm assuming your IP gateway is for VLAN 1?)

What are you pinging on the other VLANs to determine it's not working?

You technically could've just created sub-interfaces under the main interface in the firewall, VLAN tagged it, then on the switch port 1, created a trunk to allow all those VLANs to pass through, then segment the other ports as you see fit.



Thank you very much for your answer.

I have to follow some guidelines, and I cannot create sub-interfaces. I have 4 separate interfaces, each one with its own GW.

Your assumption for VLAN 1 is correct.

In the WatchGuard I have:

- Interface 1, as physical, trusted interface (untagged)
- Interfaces 2, 3, 4 as VLANs 20, 30, 40 (tagged)

In the SG switch, I'm OK with VLAN 1 as I have described. Switch ports 2, 3, 4 are connected directly to the WatchGuard (VLAN) interfaces 2, 3, 4.

The SG port modes are:

- Port 2 (VLAN 20) = Switch port mode General - VLAN 20 Tagged
- Port 3 (VLAN 30) = Switch port mode General - VLAN 30 Tagged
- Port 4 (VLAN 40) = Switch port mode General - VLAN 40 Tagged

Is it correct to use General mode?

Thanks again
Systems Engineer
I would make those access ports, then whatever you plug into other ports, you'll need to change that port to the correct VLAN as well.


This is exactly what I tried right now.

Thank you very much
