Intial interface configuration

Hi, I'm new to WatchGuard and struggling a little.

I have a Firebox T40 plugged into my existing network via the WAN interface which is on a local IP (, which I can connect to on the LAN and via the Cloud portal.

In interface3 I have a another branded L3 switch. If I configure i3 to have the IP address of I can see the L3 switch on
If I change this interfaces IP and setup a DHCP server, the L3 switch does not pick a new IP address, therefore I am thinking is statically assigned.

I either need a way for the switch to pick an IP in the range or find a way to connect to it on

Any ideas? Any suggestions would be gratefully received.


  • Options

    In Mixed routing mode, you can't have the subnet on external also be on an internal firewall interface, so you can't have 10.128.10.x on an intenral firewall interface .

    To connect to your switch from External (10.128.10.x), you need to add an incoming policy to allow this access.
    Presumably this would be HTTPS packet filter.
    You need also set up a SNAT.

    If you are using the Web UI, you need to log in using the admin userid & password.

    Select Firewall -> Firewall SNAT
    Add, enter a name for this
    select the firewall external interface IP addr, type = Internal IP addr, & enter the private IP addr ( You do not need to select either check box.
    OK, SAVE

    Select Firewall -> Firewall Policies
    Add Policy
    Select Packet Filter, then scroll down and select HTTPS
    select ADD Policy

    From: - remove Any-trusted, Add Any-external, OK
    To: - remove Any-external, Add - select Member Type = Static NAT, select the SNAT name that you created, OK

Sign In to comment.