Watchguard firebox 21

edited August 2021 in Firebox - Other

I need to set up each interface on the box to serve as a separate LAN. I set each interface to hand out DHCP addresses at 11.x.x.x 12.x.x.x and so on but only the first interface with the normal IPs will get internet access even when I tell the other interfaces to use the first as a gateway. I'm not sure what I'm doing wrong.



    This firewall is very old, and went End of Life on 30 Jun 2017.
    WatchGuard firewalls require a Feature Key in order to fully function, and to allow out more than 1 IP addr.
    If you don't have a Feature Key, then that is your issue.
    Because your unit is EoL, I'm not sure if Customer Care will give you a Feature Key or not.
    You can open a Support Incident via the Support Center link above, and select Customer Care. Provide your firewall serial number, and ask for a Feature Key. See what they say.

    edited January 2021

    In addition to what Bruce noted, your subnets are not valid. Instead of using invalid (for a private LAN) IP subnets of 11.x.x.x 12.x.x.x, use the default subnets on the additional interfaces. By default, a new config for an XTM 21 has each interface isolated with its own subnet already, and they are,,, etc.

    Use those subnets and you should be fine, assuming that you have a valid feature key, even an expired one. If you want a different interface subnet, that is fine, but stick with the approved private IP ranges. Anything in the following should work:

    10.0.0.0/8 IP addresses: 10.0.0.0 – 10.255.255.255.
    172.16.0.0/12 IP addresses: 172.16.0.0 – 172.31.255.255.
    192.168.0.0/16 IP addresses: 192.168.0.0 – 192.168.255.255.

    Unless you are just using this in a lab (heck, even then), you would be better off trading in that XTM to a current model, such as a T20.

    Gregg Hill
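
A check for the advice above, as an added example that is not part of the original posts: it tests a per-interface subnet plan against the three private ranges listed and also flags interfaces whose subnets overlap, which goes beyond what the thread covers. The interface names and addresses are constructed sample values.

```python
import ipaddress

# The three private ranges listed in the post above.
PRIVATE_RANGES = [ipaddress.IPv4Network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_interface_plan(plan):
    """Return (interface, problem) tuples for a {name: "addr/prefix"} plan."""
    problems = []
    seen = {}
    for name, cidr in plan.items():
        try:
            # strict=False accepts an interface address such as 10.0.1.1/24
            net = ipaddress.IPv4Network(cidr, strict=False)
        except ValueError as exc:
            problems.append((name, f"unparseable subnet {cidr!r}: {exc}"))
            continue
        # The whole subnet must sit inside one private range; a block that
        # only partly covers a private range is still flagged.
        if not any(net.subnet_of(r) for r in PRIVATE_RANGES):
            problems.append((name, f"{net} is outside the private ranges"))
        # Separate LANs need non-overlapping subnets so routing is unambiguous.
        for other, other_net in seen.items():
            if net.overlaps(other_net):
                problems.append((name, f"{net} overlaps {other} ({other_net})"))
        seen[name] = net
    return problems


# Constructed sample plan; interface names are hypothetical.
SAMPLE_PLAN = {
    "eth0": "10.0.1.1/24",     # private, fine
    "eth1": "11.0.2.1/24",     # 11.x.x.x as in the question: not private
    "eth2": "12.0.3.1/24",     # 12.x.x.x as in the question: not private
    "eth3": "172.32.0.1/24",   # just past the end of 172.16.0.0/12
    "eth4": "10.0.1.129/25",   # private, but inside eth0's subnet
}

if __name__ == "__main__":
    for iface, problem in check_interface_plan(SAMPLE_PLAN):
        print(f"{iface}: {problem}")
```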

    edited August 2021

    DHCP will only broadcast to a single broadcast domain, unless you set up a bridge, which I don't think is needed in your case.
