This discussion has been locked.

Segmentation IP Address

Help me
I will segment my network. I currently use 3 internet connections. My plan for the IP addresses is:

• 192.168.x.xx joined to ISP A
• 192.168.x.xx joined to ISP B
• 192.168.x.xx joined to ISP C

How do I configure the plan above? Thanks


  • Hi, you will have to expand a bit more on what exactly you want to achieve, the reasons for your planning and what the premises are.

    Let me try and see whether I'm understanding what you would like to do:

    • You have one firewall
    • You have three different ISP connections
    • You would like to create three internal networks and route each one to one of the ISP lines

    My questions here are:

    • Why do you want to create the different internal networks? What requirements do you have that compel you to do that?
    • What firewall do you have?
    • What firmware version is installed on the firewall?
    • What network infrastructure do you have behind the firewall (i.e. managed switches)?
  • My purpose of segmentation is to map if one of the ISPs is down, the department that is critical, for example Finance, does not have an internet connection.
    My network topology is:
    Sophos XG firewall -> port 2,3,4 ISP -> L3 HP ProCurve Switch -> Bluecoat, Switch L2 -> Switch client
    My question is how to map some IP clients using ISP A / B / C via Sophos?

    Thanks

  • My firewall is XG310 (SFOS 17.5.0 GA.HF062020.1) C320ABXHWF98M13

    Thanks :)

  • OK, that is now clear.

    I would advise updating the XG to SFOS 18.0.1

    It would give you more control of the NAT and out and the Routing.

    Anyway, the basics are:

    • Each of the ISPs is defined as a WAN interface.
    • In the Gateway-Manager you properly define the rules to check the status of the line (that depends on your kind of ISP connection) so that it really notices if the line is down.
    • Each of the internal networks is set up as a LAN interface
    • For each of the LAN networks you create a Firewall rule and in the NAT/Masquerading part define a primary and a secondary gateway
      • In 18.0.1 you can also do it with SD-WAN rules
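
The primary/secondary gateway logic from the steps above, modelled in Python as an added example (not part of the original thread and not Sophos code or configuration). The subnets, segment names and gateway labels are constructed placeholders; it assumes rules are matched top-down and that a segment with no live gateway loses internet access.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class SegmentPolicy:
    name: str
    source: ipaddress.IPv4Network
    primary: str
    backup: Optional[str] = None

# Constructed plan: subnets and gateway names are placeholders, not the poster's.
PLAN = [
    SegmentPolicy("Finance", ipaddress.ip_network("10.0.10.0/24"), "ISP_A", "ISP_B"),
    SegmentPolicy("Sales", ipaddress.ip_network("10.0.20.0/24"), "ISP_B", "ISP_C"),
    SegmentPolicy("Guest", ipaddress.ip_network("10.0.30.0/24"), "ISP_C"),
]

def select_gateway(src_ip, gateway_up, plan=PLAN):
    """Return (segment, gateway); gateway is None when no usable line remains."""
    addr = ipaddress.ip_address(src_ip)
    for policy in plan:  # first matching rule wins (assumed top-down rule table)
        if addr in policy.source:
            for gw in (policy.primary, policy.backup):
                if gw and gateway_up.get(gw, False):  # unknown health counts as down
                    return policy.name, gw
            return policy.name, None
    return None, None  # source belongs to no segment: no rule, no egress

def single_failure_impact(plan=PLAN):
    """Map each gateway to the segments that lose internet if only that line fails."""
    gateways = sorted({g for p in plan for g in (p.primary, p.backup) if g})
    impact = {}
    for failed in gateways:
        health = {g: g != failed for g in gateways}
        impact[failed] = [p.name for p in plan
                          if select_gateway(str(p.source[1]), health, plan)[1] is None]
    return impact

def shadowed_rules(plan=PLAN):
    """Return (earlier, later) pairs whose source networks overlap."""
    return [(a.name, b.name) for i, a in enumerate(plan)
            for b in plan[i + 1:] if a.source.overlaps(b.source)]

if __name__ == "__main__":
    print(select_gateway("10.0.10.25", {"ISP_A": False, "ISP_B": True, "ISP_C": True}))
    print(single_failure_impact())  # segments without a backup show up here
    print(shadowed_rules())         # overlapping sources hide later rules
```

Running `single_failure_impact()` against a draft plan before building the firewall rules shows which segments still depend on a single line.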