Routing between M290 and point-to-point Ubiquiti
Good day
I've been a long-time WatchGuard user, just installed one at the new company I work for, and face a little challenge.
I am replacing old SonicWall site-to-site VPNs with Ubiquiti point-to-point antennas, as the range between the different buildings can take the PtP technology instead of paying for multiple internet access, and I have installed an M290 in the main office instead of an old SonicWall that was EOL.
It's just my first time dealing with routing like this with WatchGuard, and I need some help.
The M290 is on my internal subnet (Trusted) 192.168.254.0/24
I added the PtP on an interface (Optional) with the 3 antennas on the subnet 192.168.1.0/24 and configured the IP of the interface as 192.168.1.1 on the M290
I have 2 remote sites that have a small Mikrotik router for routing and DHCP server with subnets 192.168.2.0/24 and 192.168.3.0/24
I need to be able to communicate with the sites and the remote sites need to be only able to connect to the main office to get connection to a server for data, no need to access the Internet.
Right now I created a firewall rule for Any from my internal interface to my PtP interface. I'm able to talk to the Ubiquiti antennas. I guess I also need to add routes in WSM to say that 192.168.2.0/24 and 192.168.3.0/24 point to the IP addresses of the Mikrotik to reach the rest of the network.
Any other settings I should be adding?
Thanks for the help
Comments
Hi @ITDan
I'm not sure how your externals are set up in this situation, but I think the most straightforward way to handle this would be to set up BOVPNs. This will also encrypt the traffic between each site.
- Use BOVPNs to set up access to each network. The BOVPN routes will add routes to the firewall's routing table.
- You can also use static routes as you've done. If you decide to do that, you will need to make sure the Ubiquiti hardware is encrypting your traffic.
-James Carson
WatchGuard Customer Support
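
The static-route option discussed in this thread can be checked on paper before touching the firewall. The following Python script is an added example, not part of the thread and not WatchGuard tooling: it models the M290's connected networks, the two static routes and an allow-list policy set, then verifies that next hops are on-link and that the remote sites reach only the data server. The Mikrotik addresses (192.168.1.2, 192.168.1.3) and the server address (192.168.254.10) are assumptions; the thread does not give them.

```python
import ipaddress as ip

# Directly connected networks on the M290, as given in the thread.
CONNECTED = {
    "Trusted": ip.ip_network("192.168.254.0/24"),
    "Optional": ip.ip_network("192.168.1.0/24"),  # PtP link, M290 is 192.168.1.1
}
# Static routes to the remote sites. Next hops are ASSUMED Mikrotik addresses.
STATIC_ROUTES = [
    (ip.ip_network("192.168.2.0/24"), ip.ip_address("192.168.1.2")),
    (ip.ip_network("192.168.3.0/24"), ip.ip_address("192.168.1.3")),
]
SERVER = ip.ip_network("192.168.254.10/32")  # ASSUMED data server address
REMOTE_SITES = [net for net, _ in STATIC_ROUTES]
# Allow list of (source, destination); anything not listed is denied.
POLICIES = [(CONNECTED["Trusted"], dst) for dst in [CONNECTED["Optional"], *REMOTE_SITES]]
POLICIES += [(site, SERVER) for site in REMOTE_SITES]


def off_link_next_hops(routes=STATIC_ROUTES):
    """Return routes whose next hop is not on a directly connected network."""
    return [(net, hop) for net, hop in routes
            if not any(hop in c for c in CONNECTED.values())]


def lookup(dst):
    """Longest-prefix match: interface name, next-hop string, or None
    when no connected or static route matches (default route applies)."""
    dst = ip.ip_address(dst)
    table = [(net, name) for name, net in CONNECTED.items()]
    table += [(net, str(hop)) for net, hop in STATIC_ROUTES]
    matches = [(net.prefixlen, target) for net, target in table if dst in net]
    return max(matches)[1] if matches else None


def allowed(src, dst):
    """True if some policy permits traffic from src to dst."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    return any(src in s and dst in d for s, d in POLICIES)


if __name__ == "__main__":
    print("off-link next hops:", off_link_next_hops())
    print("192.168.3.25 via", lookup("192.168.3.25"))
    print("site 2 -> server:", allowed("192.168.2.50", "192.168.254.10"))
    print("site 2 -> Internet:", allowed("192.168.2.50", "8.8.8.8"))
```
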