Question With Firebox M270
Hello,
Newbe here. I have a M270 and I can seem to get in connect in with my existing network.
My network is as follows: Verizion Fios router G1100 - Netgear Orbi Mesh wifi -Netgear 24 port non managed switch.
So I tried connecting my Firebox in the following way: my ethernet cable coming from Verizon ONT to the wan port of the router - then from Verizon router lan port ethernet cable to Firebox interface 0 - then from trusted port 1 ethernet cable to my switch. Also, I need Fios router DHCP because I have TV service and can not bridge it because I will lose capability of some of my TV services. So long story short when I connect everything this was and try to configure interfaces on the Firebox setting them up as external and setting to DHCP they are failing because they are not getting IP from Fios router. If anyone know a proper configuration please help me out and if you need more information let me know?
Thanks,
Alex
Comments
DHCP will not pass from external to internal devices when using mixed routing mode.
If you only have WAN and LAN ports on your FIOS router, then it seems that your TV needs to be connected directly to the FIOS router
Thanks for information. My Fios router doesn’t need to have every cable box connected it’s used coaxial cable and the Verizon router assigns ip address’s to each cable box. So I spoke with WatchGuard technical support and he said I should configure the interface on the M270 to external and set to DHCP and the M270 will grab up address from the Fios router so I would be able to plug all my lan devices into my network switch. How should I be connecting it. Since the other did not work?
Thanks,
Alex
In mixed routing mode, the subnet on trusted needs to be different than the subnet on external.
If you have just inserted the WG firewall between your LAN and the FIOS router, then you have 2 options:
1) change the subnet used on your LAN devices
or
2) switch to Drop-in mode, where you can have devices on trusted interfaces with the same subnet on external
If your TV is connected to a separate cable box, then the firewall setup should not impact your TV
When I do not plug anything in WAN port of Fios I do not get IP address from Verizon.
Coming from the ONT, how is your Verizon router connected? If it uses a coax cable to connect from ONT to FiOS router, then the FiOS router's WAN port won't be used. This way, the FiOS router would get Internet over coax, and you'd connect devices to the FiOS router's LAN ports.
If your speeds are high enough (over 100Mbps), they usually connect ONT to FiOS router via network cable, in which case it would be ONT to FiOS WAN port.
Which way is yours done?
Unless you can make the Orbi into a wireless access point only and not a router, you are going to have issues with your wireless being on two different subnets, because the Orbi is a router of its own, and you are trying to connect the WatchGuard, which will have its own LAN.
Without the Orbi in play, you would do: Verizon FiOS router G1100 with a DHCP reservation set for the WAN MAC of the WatchGuard, and that IP address in the FiOS router's DMZ (this setup lets all incoming ports hit the WatchGuard so that SSLVPN, etc, works behind the FiOS router) > connect any FiOS router LAN port to WatchGuard WAN port Eth0 set to External and DHCP > connect Netgear 24-port non-managed switch to Eth1 of WatchGuard, set as Trusted. You could connect the Orbi to the Netgear 24-port switch, then see if you can make it an access point only and not a router, thus keeping it on the same subnet, and having your LAN and the Orbi all on one network.
It all depends upon what your isolation/connectivity needs are.
Gregg
Gregg Hill
I have Fios fastest plan gigabit so I have both ethernet and coax. I have the Orbi set up as an AP. If I connect the Orbi into a port on my switch will it follow the firewall policy for wifi devices?
Thanks for the info Gregg
I always set up my Eth1 and successive interfaces as VLANs. It makes it easy to swap around stuff and to apply my policies.
It sounds like you have about what I do. I have Spectrum cable modem LAN port > WatchGuard T35 WAN port set as External and DHCP > Eth1 to LAN network switch, and a PoE switch linked to the main switch. The network switches have all devices connected, including a UniFi wireless access point, and the UniFi AP has VLAN1, VLAN2, VLAN3, etc. on it. I use the VLAN# to assign it to my WatchGuard policies.
So, I can have a restricted policy that applies to all VLAN1 (my LAN) devices, another less-restricted policy for VLAN3 for guest wireless, VLAN9 for IoT devices with no restrictions, etc.
Gregg Hill