Bridge to a MPLS Managed Network
Hello,
We have a new ISP connection. We are using an M670 with an external interface connection to the new ISP gateway. We have an existing MPLS connection that is managed by the ISP. This connection provides data and voice (through a PRI). The phone system is a ShoreTel.
We will eventually migrate the entire infrastructure to the new internet connection and use SIP trunking on a new phone system. However, that will be a year or so as we have a current telco contract.
What we would like to do is somehow connect the two networks together so we can use the higher speed data of the new connection. We attempted to disconnect the existing data connection from the network and replace it with the new data connection from the M670. This did work (Internet and phones worked). However, we were not able to access the voice network from the data network since the voice network was being delivered by the MPLS router. Is there a way to make this work?
Comments
Now that you have a Multi-WAN setup, you can use SD-WAN settings along with Multi-WAN settings to do what you want.
Set Multi-WAN to Failover, and have the current ISP connection as the 1st one and the new ISP connection as the 2nd one. This will make your current ISP connection the primary connection.
Now create an SD-WAN action with the new ISP connection as the 1st entry and the current ISP connection as the 2nd entry.
Then select SD-WAN on any policy that you want traffic allowed by it to go out the new ISP connection and select the above SD-WAN action on that policy.
This way you can transition over to use the new ISP connection while voice should still go out the current ISP connection.
Review this:
Configure SD-WAN
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/sd-wan/sd_wan_routing_configure.html
Bruce, thank you for the response. This is not currently a multi-WAN setup. The legacy connection is an ISP-managed MPLS connection. The MPLS is NOT connected to the Firebox. I am not sure how/if the SD-WAN would work. We would have two routers on the network (the managed ADTRAN with the MPLS and the Firebox). The idea was to not use the data piece of this connection, just the part that is carrying the PRI and phone connection.
So what does the firewall do now?
Bruce, the firewall is currently connected to an entirely new ISP circuit. This is a new setup as we would like to migrate to this new "network". However, we still have 1 year left on the existing ISP contract. The old data is an ISP-managed MPLS 20MB circuit with a PRI delivered through an ADTran router. The new circuit is a 1GB fiber (no PRI as we will be moving to SIP when the existing contract is up). Easiest way to picture is two separate networks at the moment. We would like to use the data from the new circuit (connected to the firewall) and the phone from the old circuit (connected to the ADTran). When we disconnect the old data circuit and plug in the new one we have data and voice, but the voice cannot talk to the data and vice versa.
We need a better understanding of your setup behind the MPLS device.
Presumably you have switches, to which PC & servers are connected.
Are the voice & data devices on separated connections so that one could easily move the data connection to the new firewall without affecting the voice connection to the ADTran router?
One possible option is to make a connection from your data switch to the firewall trusted interface.
Have the trusted interface have an unused IP addr from your current LAN subnet.
Then change the default gateway on existing data devices to the firewall interface IP addr.
This could be done 1 by 1, for testing etc., and then change the DHCP server default gateway setting to the new value.