Internal network connection

I have been tasked to make a network map and I am new to WatchGuard XTM Firewalls.
Currently, we are using mixed-routing mode and have set up two internal networks.
Client LAN Interface 2 set as Trusted 192.168.64.1/18
Server LAN Interface 3 set as Trusted 192.168.1.1/19

While drawing up a map I had found a stray connection between the Client LAN switch and the Server LAN switch. The connection looks like it was put there after everything else was installed as it does not come from any patch panels just a straight patch cable from one switch to the other which is why it caught my attention. None of the other techs know why this cable was installed.

Would anyone be able to tell me a possible reason to do this?

Comments

  • Perhaps to send some type of broadcast packet from 1 network to the other.
    Wake on LAN is one possibility.

  • Does your Client LAN need to communicate with your Server LAN? If so, and you DON'T have rules in the Firebox to allow it, then that may be why the cable is there and the switches are doing the routing.

    Gregg Hill

  • If all devices on each network have the appropriate subnet mask, then routing from 1 network to the other should always go via the default gateway - in this case the respective firewall interface.
    Broadcast packets would go across the link between the 1 networks since thay are not routed (broadcast), whereas routed packets should not.

  • @Bruce_Briggs said:
    If all devices on each network have the appropriate subnet mask, then routing from 1 network to the other should always go via the default gateway - in this case the respective firewall interface.
    Broadcast packets would go across the link between the 1 networks since thay are not routed (broadcast), whereas routed packets should not.

    I agree that routing from 1 network to the other should always go via the default gateway, assuming that the default gateway actually is the Firebox and not a managed layer 3 switch.

    Gregg Hill

  • @Bruce_Briggs said:
    Perhaps to send some type of broadcast packet from 1 network to the other.
    Wake on LAN is one possibility.

    I don't think we have any broadcast traffic that should hit both networks.

    @Greggmh123 said:

    @Bruce_Briggs said:
    If all devices on each network have the appropriate subnet mask, then routing from 1 network to the other should always go via the default gateway - in this case the respective firewall interface.
    Broadcast packets would go across the link between the 1 networks since thay are not routed (broadcast), whereas routed packets should not.

    I agree that routing from 1 network to the other should always go via the default gateway, assuming that the default gateway actually is the Firebox and not a managed layer 3 switch.

    I did find some of the switches were incorrectly configured and did not have the default gateway set. That might be the initial problem they were trying to solve.

    It does look like we have policies in place to manage the proper traffic between the two networks. I would like to remove that cable between the two switches. I guess the easiest way to make sure we have all the traffic is to mirror the traffic on another port and see if there is any other traffic that needs to be attached to a policy.

    Thank you all for the insight.

Sign In to comment.