Routing between M290 and point-to-point Ubiquiti

Good day

I've been a long-time WatchGuard user and have just installed one at the new company I work for, and I'm facing a little challenge.

I am replacing old SonicWall site-to-site VPNs with Ubiquiti point-to-point antennas, as the distance between the different buildings allows PtP technology instead of paying for multiple Internet connections, and I have installed an M290 in the main office in place of an old SonicWall that was EOL.

It's just the first time I've dealt with routing like this on a WatchGuard, and I need some help.

The M290 is on my internal subnet (Trusted), 192.168.254.0/24.
I added the PtP on an interface (Optional) with the 3 antennas on the subnet 192.168.1.0/24 and configured the IP of the interface as 192.168.1.1 on the M290.
I have 2 remote sites that each have a small MikroTik router for routing and DHCP, with subnets 192.168.2.0/24 and 192.168.3.0/24.

I need to be able to communicate with the sites and the remote sites need to be only able to connect to the main office to get connection to a server for data, no need to access the Internet.

Right now I have created a firewall rule for Any from my internal interface to my PtP interface, and I'm able to talk to the Ubiquiti antennas. I guess I also need to add routes in WSM so that 192.168.2.0/24 and 192.168.3.0/24 point to the IP addresses of the MikroTiks to reach the rest of the network.

Are there any other settings I should be adding?

Thanks for the help
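To make the routing and policy question concrete, here is an added example (not code from the original post, WatchGuard or MikroTik) that models the M290's routing table with the subnets from the post and checks which flows the described policies would allow. The MikroTik addresses on the PtP segment (192.168.1.2 and 192.168.1.3), the External subnet, the default gateway and the data server address are assumptions; only the Trusted, Optional and remote-site subnets come from the post.

```python
import ipaddress

# Constructed model of the M290 from the thread. The MikroTik PtP-side
# addresses, the External subnet and the data server are assumptions.
INTERFACES = {
    "Trusted": ipaddress.ip_network("192.168.254.0/24"),
    "Optional": ipaddress.ip_network("192.168.1.0/24"),   # PtP antennas
    "External": ipaddress.ip_network("203.0.113.0/24"),   # assumed ISP link
}

# Static routes to add in WSM: each remote LAN via its MikroTik, plus default.
STATIC_ROUTES = [
    ("192.168.2.0/24", "192.168.1.2"),  # site A MikroTik (assumed address)
    ("192.168.3.0/24", "192.168.1.3"),  # site B MikroTik (assumed address)
    ("0.0.0.0/0", "203.0.113.1"),       # default route to the ISP (assumed)
]

REMOTE_SITES = [ipaddress.ip_network(p) for p, _ in STATIC_ROUTES[:2]]
SERVER = ipaddress.ip_network("192.168.254.10/32")   # assumed data server


def build_routing_table():
    """Connected routes for each interface plus the static routes.

    Entries are (prefix, next_hop, egress_interface); next_hop is None for
    directly connected networks. A static route is only usable when its next
    hop sits on a connected subnet, which is what the firewall checks too.
    """
    table = [(net, None, name) for name, net in INTERFACES.items()]
    for prefix, nexthop in STATIC_ROUTES:
        nh = ipaddress.ip_address(nexthop)
        egress = next((n for n, net in INTERFACES.items() if nh in net), None)
        if egress is None:
            raise ValueError(f"next hop {nexthop} is not on any connected subnet")
        table.append((ipaddress.ip_network(prefix), nh, egress))
    return table


def lookup(table, dst):
    """Longest-prefix match. Returns (next_hop as str or None, interface)."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, nh, iface in table:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nh, iface)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return (str(best[1]) if best[1] is not None else None, best[2])


# Policies in first-match order; None means "Any". Anything unmatched is
# denied, mirroring the firewall's implicit deny for unhandled packets.
POLICIES = [
    # The rule the poster already has: Any from Trusted to the PtP interface.
    ("Trusted-to-PtP", "Trusted", None, "Optional", None),
    # Remote sites may reach only the data server: no other hosts, no Internet.
    ("Sites-to-Server", "Optional", REMOTE_SITES, "Trusted", [SERVER]),
]


def evaluate(table, src, dst):
    """Return (action, policy_name) for a new packet from src to dst."""
    src_addr, dst_addr = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    ingress = lookup(table, src)[1]   # interface the packet arrives on
    egress = lookup(table, dst)[1]    # interface the packet would leave by
    for name, from_if, src_nets, to_if, dst_nets in POLICIES:
        if from_if != ingress or to_if != egress:
            continue
        if src_nets is not None and not any(src_addr in n for n in src_nets):
            continue
        if dst_nets is not None and not any(dst_addr in n for n in dst_nets):
            continue
        return ("allow", name)
    return ("deny", "implicit")


if __name__ == "__main__":
    rt = build_routing_table()
    for d in ("192.168.2.10", "192.168.254.5", "8.8.8.8"):
        print(d, "->", lookup(rt, d))
    for s, d in (("192.168.254.20", "192.168.2.10"),
                 ("192.168.2.10", "192.168.254.10"),
                 ("192.168.2.10", "192.168.254.20"),
                 ("192.168.2.10", "8.8.8.8")):
        print(s, "->", d, evaluate(rt, s, d))
```

The model is stateless and only classifies the first packet of a flow; the real firewall is stateful, so replies to allowed Trusted-to-site traffic come back without a second policy. Two things the model makes visible: the static routes only work if each MikroTik's PtP-side address is on 192.168.1.0/24, and each MikroTik needs a return route (a default route, or at least 192.168.254.0/24) pointing at 192.168.1.1, otherwise the server's replies never leave the remote site.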

Comments

  • Hi @ITDan

    I'm not sure how your externals are set up in this situation, but I think the most straightforward way to handle this would be to set up BOVPNs. This will also encrypt the traffic between each site.

    - Use BOVPNs to set up access to each network. The BOVPN routes will add routes to the firewall's routing table.

    - You can also use static routes as you've done. If you decide to do that, you will need to make sure the Ubiquiti hardware is encrypting your traffic.
