Best Practice when Firebox is not default gateway

Hi, I'm having trouble setting up my Fireboxes.

The problem is we cannot remodel the default gateway to the firecluster as it's part of a managed WAN company system. So I configured a new gateway for the firecluster, but have absolutely no idea how to set up my routing. I mean, for internet routing going through the Firebox I suppose I'd work with a locally installed proxy server. But if I connect through SSL VPN from outside I get an IP address 192.168.113.x and can ping the default gateway 11.237.46.11 but no other devices in the network.

I am not the routing expert, but does anybody have an idea about how to set it up to work this way? Or any best practices for that?

Setup: 2xM470 as firecluster.
server lan: 11.237.46.0/24
default gateway: 11.237.46.1
gateway of firecluster: 11.237.46.11

Switches are all Cisco.
Thanks in advance.

Comments

  • Someplace in your existing setup, you need to add a Route for 192.168.113.0/24 pointing to 11.237.46.11.
    If your Cisco switches are layer 3/routing switches, it could be done there.
    If not, it could be done on 11.237.46.1

  • @Bruce_Briggs said:
    Someplace in your existing setup, you need to add a Route for 192.168.113.0/24 pointing to 11.237.46.11.
    If your Cisco switches are layer 3/routing switches, it could be done there.
    If not, it could be done on 11.237.46.1

    I was able to solve it with a NAT rule with source 11.237.46.11, that worked.
    Will take your route idea for my internet routing, but that will be later.
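
Added example (not part of any post in this thread): a small Python model of the reply path a LAN server uses for SSL VPN traffic, built from the addresses quoted in the thread. The routing-table contents, the `managed-WAN` label and the function names are assumptions, and the NAT case reads the reply above as source NAT to 11.237.46.11.

```python
import ipaddress as ip

# Addresses quoted in the thread.
LAN = ip.ip_network("11.237.46.0/24")
VPN_POOL = ip.ip_network("192.168.113.0/24")
DEFAULT_GW = ip.ip_address("11.237.46.1")
FIREBOX = ip.ip_address("11.237.46.11")
# Constructed for illustration: label for whatever lies beyond 11.237.46.1.
WAN = "managed-WAN"
ANY = ip.ip_network("0.0.0.0/0")

# Assumed tables: (destination network, gateway); None means on-link.
SERVER_TABLE = [(LAN, None), (ANY, DEFAULT_GW)]
GW_TABLE = [(LAN, None), (ANY, WAN)]
# The suggested fix: a static route for the VPN pool pointing at the Firebox.
GW_TABLE_WITH_ROUTE = GW_TABLE + [(VPN_POOL, FIREBOX)]


def next_hop(table, dst):
    """Longest-prefix match; an on-link destination is its own next hop."""
    matches = ((net, gw) for net, gw in table if dst in net)
    _, gw = max(matches, key=lambda m: m[0].prefixlen)
    return dst if gw is None else gw


def reply_path(source_seen_by_server, gw_table):
    """Hops a LAN server's reply takes toward the source address it saw."""
    dst = ip.ip_address(source_seen_by_server)
    hop = next_hop(SERVER_TABLE, dst)
    path = [str(hop)]
    if hop == DEFAULT_GW:
        # The server handed the reply to 11.237.46.1, which routes it onward.
        path.append(str(next_hop(gw_table, dst)))
    return path


def reply_returns_to_firebox(source_seen_by_server, gw_table):
    return reply_path(source_seen_by_server, gw_table)[-1] == str(FIREBOX)


if __name__ == "__main__":
    client = "192.168.113.10"  # constructed SSL VPN client address
    print("no route  :", reply_path(client, GW_TABLE))
    print("with route:", reply_path(client, GW_TABLE_WITH_ROUTE))
    print("source NAT:", reply_path(str(FIREBOX), GW_TABLE))
```

With NAT the servers log 11.237.46.11 as the source of every VPN session, while the static route keeps the individual 192.168.113.x client addresses visible in their logs.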

  • I am curious if you work for the US DoD because that 11.237.46.11 IP is registered to the DoD.

    Gregg Hill

  • James_Carson Moderator, WatchGuard Representative

    @Greggmh123 They've been reallocating IPs as of late, so it's possible ARIN just hasn't caught up.

    -James Carson
    WatchGuard Customer Support
