Paul Walsh
asked on
Watchguard config for new setup with 3 VLANS
Hi All,
We are currently configuring a wifi solution for several hospitality suites. The Internet feed has been installed and we will be using a Watchguard Firewall with three Vlans. One for management that will host the switches and Access points. And two for connections to the outside world. One VLAN will be used to broadcast the SSID the second is for private use.
What is the best way to configure the Watchguard Firewall. I was thinking to have one interface for each vlan. IE trusted for Management, and then a seperate interface each for the other two. Or would it better to leave the trusted interface alone and configure one of the other interfaces for vlan use and put all three VLANS on this one. Or is there a better way of doing this?
Thanks for your help.
Paul
We are currently configuring a wifi solution for several hospitality suites. The Internet feed has been installed and we will be using a Watchguard Firewall with three Vlans. One for management that will host the switches and Access points. And two for connections to the outside world. One VLAN will be used to broadcast the SSID the second is for private use.
What is the best way to configure the Watchguard Firewall. I was thinking to have one interface for each vlan. IE trusted for Management, and then a seperate interface each for the other two. Or would it better to leave the trusted interface alone and configure one of the other interfaces for vlan use and put all three VLANS on this one. Or is there a better way of doing this?
Thanks for your help.
Paul
ASKER
That is a very good point about the vlans. I was more thinking as we have free interfaces for disaster recovery. In the unlikely event that a port fails on the watchguard then we only lost that connection not all of them. But I suppose it isn’t too much hassle just to reconfigure another interface. Would you have all three Vlans in the default trusted interface then or have two interfaces setup. The default trusted and a second interface for the Vlans?
Thanks for your help.
Thanks for your help.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Ensure you have adequate DHCP per VLAN. (different IP Addresses, and DNS lookup).
If you want to make it more complicated you could use an interface per VLAN, but then why the use of VLANs, if all traffic is physically isolated, there is no need to use VLANs, unless it makes it easier for WiFi Access Point, SSID per VLAN