Watchguard firebox 21

edited August 2021 in Firebox - Other

I need to set up each interface on the box to serve as a separate LAN. I set each interface to hand out DHCP addresses at 11.x.x.x, 12.x.x.x and so on, but only the first interface with the normal IPs will get internet access, even when I tell the other interfaces to use the first as a gateway. I'm not sure what I'm doing wrong.

Comments

  • This firewall is very old, and went End of Life on 30 Jun 2017.
    WatchGuard firewalls require a Feature Key in order to fully function, and to allow out more than 1 IP addr.
    If you don't have a Feature Key, then that is your issue.
    Because your unit is EoL, I'm not sure if Customer Care will give you a Feature Key or not.
    You can open a Support Incident via the Support Center link above, and select Customer Care. Provide your firewall serial number, and ask for a Feature Key. See what they say.

  • edited January 2021

    In addition to what Bruce noted, your subnets are not valid. Instead of using invalid (for a private LAN) IP subnets of 11.x.x.x 12.x.x.x, use the default subnets on the additional interfaces. By default, a new config for an XTM 21 has each interface isolated with its own subnet already, and they are 10.0.1.1/24, 10.0.2.1/24, 10.0.3.1/24, etc.

    Use those subnets and you should be fine, assuming that you have a valid feature key, even an expired one. If you want a different interface subnet, that is fine, but stick with the approved private IP ranges. Anything in the following should work:

    10.0.0.0/8 IP addresses: 10.0.0.0 – 10.255.255.255.
    172.16.0.0/12 IP addresses: 172.16.0.0 – 172.31.255.255.
    192.168.0.0/16 IP addresses: 192.168.0.0 – 192.168.255.255.

    Unless you are just using this in a lab (heck, even then), you would be better off trading in that XTM to a current model, such as a T20.

    Gregg Hill
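
An added example, not part of the thread or any WatchGuard tooling: a pre-deployment check that each interface subnet in a plan sits inside the private ranges listed in the comment above and that no two interfaces overlap. The interface names and the exact addresses in `BAD_PLAN` are constructed for illustration; `GOOD_PLAN` uses the default subnets quoted in the comment.

```python
import ipaddress

# Private ranges exactly as listed in the comment above (RFC 1918).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_interface_plan(plan):
    """Return (interface, problem) tuples for a {name: "ip/prefix"} plan."""
    problems, nets = [], {}
    for name, cidr in plan.items():
        iface = ipaddress.IPv4Interface(cidr)
        net = iface.network
        nets[name] = net
        # ipaddress's is_private covers more than RFC 1918, so test explicitly.
        if not any(net.subnet_of(r) for r in RFC1918):
            problems.append((name, f"{net} is outside the RFC 1918 private ranges"))
        # The interface needs a usable host address, not the network/broadcast one.
        if net.prefixlen < 31 and iface.ip in (net.network_address,
                                               net.broadcast_address):
            problems.append((name, f"{iface.ip} is not a host address in {net}"))
    # Separate LANs must not share address space with each other.
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append((a, f"{nets[a]} overlaps {nets[b]} on {b}"))
    return problems

# Constructed sample: publicly routable 11.x / 12.x space on internal interfaces.
BAD_PLAN = {"eth1": "10.0.1.1/24", "eth2": "11.0.2.1/24", "eth3": "12.0.3.1/24"}
# Default per-interface subnets quoted in the comment above.
GOOD_PLAN = {"eth1": "10.0.1.1/24", "eth2": "10.0.2.1/24", "eth3": "10.0.3.1/24"}

if __name__ == "__main__":
    for label, plan in (("bad", BAD_PLAN), ("good", GOOD_PLAN)):
        issues = check_interface_plan(plan)
        print(label, "plan:", "OK" if not issues else "")
        for name, problem in issues:
            print(f"  {name}: {problem}")
```
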

  • edited August 2021

    DHCP will only broadcast to a single broadcast domain, unless you set up a bridge, which I don't think is needed in your case.
