This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

VLAN ROUTING IMPLEMETATION

Am a new babie in SOPHOR firewall. I have a new XG210. I want to achive multiple DMZ, WAN and LAN.

I have my core switch connected to the firewall which had two vlan one Management and the second one SERVER. I want to have two ISP connection which would be in Active standby mode. The i want to have two provider connected to my DMZ. Which should be able to access the SERVER vlan only.

LAN IP address:- 192.168.10.x

SERVER : 192.168.20.x

DMZ-1: 172.16.10.2

DMZ-2: 172.17.10.2

Can someone HELP

This thread was automatically locked due to age.

Parents

0 Ashen1 over 8 years ago

Hi,

Can you please provide a network diagram of the setup you're trying to achieve?

Thanks,

Rap
Cancel
Vote Up 0 Vote Down

Cancel
0 Oluwasegun SHITTU over 8 years ago in reply to Ashen1

8540.diagram.pdf
Cancel
Vote Up 0 Vote Down

Cancel
0 Ashen1 over 8 years ago in reply to Oluwasegun SHITTU

Hi,

You need to configure a static route for your server farm on your core switch that if they want to reach DMZ next hop is Sophos XG.

And in Sophos XG, you need to configure a static route back to the server with the interface of your core switch as next hop.

You need to create a firewall rule in XG as well, depending on what zone you configured your server farm (eg. LAN, WAN) that allows traffic from specified zone and network details

going to your DMZ and vice versa.

Hope it helps, give it a shot, let us know how it goes.

Regards,

Rap
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Ashen1 over 8 years ago in reply to Oluwasegun SHITTU

Hi,

You need to configure a static route for your server farm on your core switch that if they want to reach DMZ next hop is Sophos XG.

And in Sophos XG, you need to configure a static route back to the server with the interface of your core switch as next hop.

You need to create a firewall rule in XG as well, depending on what zone you configured your server farm (eg. LAN, WAN) that allows traffic from specified zone and network details

going to your DMZ and vice versa.

Hope it helps, give it a shot, let us know how it goes.

Regards,

Rap
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Oluwasegun SHITTU over 8 years ago in reply to Ashen1

The first DMZ is fine and we are working fine.

I have issue with dual ISP switching. I configure Active/Standy failove. But the backup ISP would not come up until i have to change the admistraive distance AD to lower number before it takes place.

0.0.0.0/0.0.0.0 x.x.x.x port 2 0

0.0.0.0/0.0.0.0 x.x.x.x port 4 1
Cancel
Vote Up 0 Vote Down

Cancel
0 lferrara over 8 years ago in reply to Oluwasegun SHITTU

Oluwasegun,

sorry but for me the scenario is not clear. Please update the network diagram putting the IP addresses, VLAN ID.

Regards
Cancel
Vote Up 0 Vote Down

Cancel
0 Oluwasegun SHITTU over 8 years ago in reply to lferrara

Here is my topology.

The Active/standy failover did not done automatic until you have to change the Admistrative Distance of the primary to higher distance before the babckup picks.
Cancel
Vote Up 0 Vote Down

Cancel
0 lferrara over 8 years ago in reply to Oluwasegun SHITTU

Thanks for updating the thread.

For WAN side,

did you configure the WAN link manager?
Cancel
Vote Up 0 Vote Down

Cancel
0 Oluwasegun SHITTU over 8 years ago in reply to lferrara

Yes,here is the screen shoot attached.
Cancel
Vote Up 0 Vote Down

Cancel
0 lferrara over 8 years ago in reply to Oluwasegun SHITTU

Oluwasegun,

send me a PM and I will have a look at it.
Cancel
Vote Up 0 Vote Down

Cancel