Watchguard firebox 21
I need to set up each interface on the box to serve as a separate LAN. I set each interface to hand out DHCP addresses at 11.x.x.x, 12.x.x.x and so on, but only the first interface with the normal IPs will get internet access even when I tell the other interfaces to use the first as a gateway. I'm not sure what I'm doing wrong.
Comments
This firewall is very old, and went End of Life on 30 Jun 2017.
WatchGuard firewalls require a Feature Key in order to fully function, and to allow out more than 1 IP addr.
If you don't have a Feature Key, then that is your issue.
Because your unit is EoL, I'm not sure if Customer Care will give you Feature Key or not.
You can open a Support Incident via the Support Center link above, and select Customer Care. Provide your firewall serial number, and ask for a Feature Key. See what they say.
In addition to what Bruce noted, your subnets are not valid. Instead of using invalid (for a private LAN) IP subnets of 11.x.x.x 12.x.x.x, use the default subnets on the additional interfaces. By default, a new config for an XTM 21 has each interface isolated with its own subnet already, and they are 10.0.1.1/24, 10.0.2.1/24, 10.0.3.1/24, etc.
Use those subnets and you should be fine, assuming that you have a valid feature key, even an expired one. If you want a different interface subnet, that is fine, but stick with the approved private IP ranges. Anything in the following should work:
10.0.0.0/8 IP addresses: 10.0.0.0 – 10.255.255.255
172.16.0.0/12 IP addresses: 172.16.0.0 – 172.31.255.255
192.168.0.0/16 IP addresses: 192.168.0.0 – 192.168.255.255
Unless you are just using this in a lab (heck, even then), you would be better off trading in that XTM to a current model, such as a T20.
Gregg Hill
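A way to check a planned set of interface subnets against the three private ranges listed in the reply above, and against each other for overlap, as an added example that is not part of the original thread. The interface names and the concrete 11.x, 12.x and 172.32.x addresses are constructed samples.

```python
import ipaddress

# The three private ranges listed in the reply above (RFC 1918).
# Checked explicitly: ipaddress's is_private also covers loopback,
# link-local and documentation ranges, which are not usable LAN subnets.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_plan(plan):
    """Check an {interface: 'address/prefix'} plan.

    Returns a list of (interface, problem) tuples; empty means every
    subnet is private and no two interfaces share address space.
    """
    problems = []
    seen = []  # (interface, network) pairs already examined
    for name, cidr in plan.items():
        # IPv4Interface accepts a host address such as 10.0.1.1/24 and
        # derives the enclosing network (10.0.1.0/24).
        net = ipaddress.IPv4Interface(cidr).network
        if not any(net.subnet_of(r) for r in RFC1918):
            problems.append((name, f"{net} is outside the private ranges"))
        for other_name, other_net in seen:
            if net.overlaps(other_net):
                problems.append(
                    (name, f"{net} overlaps {other_name} ({other_net})"))
        seen.append((name, net))
    return problems


if __name__ == "__main__":
    # Constructed sample plans; interface names are hypothetical labels.
    plans = {
        "public ranges (as in the question)":
            {"eth1": "11.0.0.1/24", "eth2": "12.0.0.1/24"},
        "default-style subnets":
            {"eth1": "10.0.1.1/24", "eth2": "10.0.2.1/24", "eth3": "10.0.3.1/24"},
        "just past 172.16.0.0/12":
            {"eth1": "172.32.0.1/24"},
        "overlapping interfaces":
            {"eth1": "10.0.1.1/24", "eth2": "10.0.1.129/25"},
    }
    for label, plan in plans.items():
        issues = check_plan(plan)
        print(label + ":", "OK" if not issues else "")
        for iface, problem in issues:
            print(f"  {iface}: {problem}")
```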
DHCP will only broadcast to a single broadcast domain, unless you set up a bridge, which I don't think is needed in your case.