Setting up 4 firewalls behind a switch and router

hillmanjohn2

Hi all,

This is my first time doing this setup although I am not a newbie to networking. I am wondering because for my job I will need to remote into the management console of FortiGate, SonicWALL, Palo Alto, and WatchGuard firewalls to show customers I talk to and go through demos. So basically I want this setup and am not sure if I need to get a static IP from my ISP or if I can use the router and switch setup to assign static IPs on the backend in my network.

Setup

Internet (Comcast residential) - ZyXEL BRG‑35503 - WRT54G (this is what I have right now but may upgrade to business class) - HP Procurve 1700 8 port managed switch - each firewall.

Any suggestions would be great and please let me know if you need more info.

Thanks!

John
 
I am confused. How are you going to show your customers the web interfaces of the firewalls?

By remoting in. So for the FortiGate I have it set up as a DDNS web login. For the SonicWALL I can set up a web login also. Basically I want to have all 4 on my network and to be able to have them access the internet.

Not sure if I am going about this the correct way...

Let me know if that makes sense.

Thanks!
 
Why are you hosting work stuff at home?

Are you saying the customer is going to look over your shoulder while you open a remote control session to your machine at home?
 
It's not company-owned devices. I sell network security and want to be able to go through the setup and mgmt console with customers when I am on WebExes with them. It's purely my choice, and the vendors give me the products to use at home.
 
Sort of. I will have them on a WebEx and be sharing my screen so that they can see what I see when I log in.
 
Stack virtual IPs on the switch's uplink so your firewalls are on different subnets.
Then just use your PC as remote host and manage each of the firewalls from there. Remote into PC, done.
 
Sweet! Thanks! So I don't actually need to get a static IP from my ISP and set up VLANs then? Sorry if I sound dumb... I am used to managing firewalls but not switches and routers... Right now I use my FortiGate as a router/firewall.
 
I guess you can set up the virtual IPs in FortiGate and have it route properly. All setup is internal, so no, you don't really need a static IP as long as you can remote to your PC.
 
I would have preferred to set up virtual IP stacking on the router but I don't think your router does that. Which means you are going to have to run three firewalls behind the main one. Not ideal.
 
I have no problem getting a different router. Do you have one you could recommend? I am looking on eBay for less costly business class routers and they aren't overly expensive.
 
Use a VPN server on your router w/ DDNS, then you're "at home" and can hit the web-admin pages for the firewalls. There are custom firmwares like DD-WRT or Tomato that can do this, or you can use pfSense, or you can just use a router that supports it out of the box like some of the higher-end enthusiast-class routers.

Install each firewall as a separate node on your network - not in between anything and anything else. If they have a separate LAN port for management, use that port.

If you need to generate load/traffic across each firewall, there are plenty of 4-port NICs and VMware whitebox articles/blog posts out there. You know what to do from there.
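
A check that fits the VPN approach in the post above, as an added example that is not part of the original thread: it scans the router's NAT rules for port forwards that land on a firewall's management address, which reaching the consoles over the VPN makes unnecessary. The management addresses, interface name and rule lines are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed lab plan: these management addresses are assumptions, not from the thread.
MGMT_HOSTS = {
    "FortiGate 30D": ipaddress.ip_address("192.168.1.10"),
    "SonicWALL TZ300": ipaddress.ip_address("192.168.1.11"),
}

# Constructed excerpt of `iptables-save -t nat` output from the edge router (IPv4 only).
SAMPLE_NAT_RULES = """\
*nat
-A PREROUTING -i vlan1 -p tcp -m tcp --dport 8443 -j DNAT --to-destination 192.168.1.10:443
-A PREROUTING -i vlan1 -p udp -m udp --dport 1194 -j DNAT --to-destination 192.168.1.1:1194
-A PREROUTING -i vlan1 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.1.50:3389
-A POSTROUTING -o vlan1 -j MASQUERADE
COMMIT
"""


def exposed_mgmt_forwards(nat_rules, mgmt_hosts):
    """Return (device, wan_port, target) for every DNAT rule that lands on a management IP."""
    findings = []
    for line in nat_rules.splitlines():
        tokens = shlex.split(line)
        if "DNAT" not in tokens or "--to-destination" not in tokens:
            continue
        target = tokens[tokens.index("--to-destination") + 1]
        # Target is ip[:port] or ip-ip[:port]; a range can cover a console without naming it.
        lo, _, hi = target.split(":")[0].partition("-")
        try:
            lo_ip = ipaddress.ip_address(lo)
            hi_ip = ipaddress.ip_address(hi) if hi else lo_ip
        except ValueError:
            continue  # not an address we can reason about
        wan_port = tokens[tokens.index("--dport") + 1] if "--dport" in tokens else "any"
        for name, ip in mgmt_hosts.items():
            if lo_ip <= ip <= hi_ip:
                findings.append((name, wan_port, target))
    return findings


if __name__ == "__main__":
    for name, port, target in exposed_mgmt_forwards(SAMPLE_NAT_RULES, MGMT_HOSTS):
        print(f"{name}: management console reachable from WAN port {port} -> {target}")
```

Run it against the router's real `iptables-save -t nat` output with the lab's actual management addresses; an empty result means no port forward targets a console.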
 
Ok so this is the setup so far.

Cable Modem - WRT54G with Tomato FW - HP Procurve 1700-8 - FortiGate 30D on port 2 and SonicWALL TZ300 on port 3.

So how do I set this up so that the FG and TZ can both have internet access? I haven't configured anything on the HP Procurve yet. Right now I am getting internet access from the TZ but not the FG.


Thanks!!
 
No, the router doesn't support either, and I don't have anything connected at the moment. The HP Procurve 1700-8 supports both though, so I was going to try hooking the switch into the router and then the firewalls into the switch.

Thanks for the help!
 
Then you just need to VLAN and route properly. Remote into your PC through TeamViewer or something, then connect to the different firewalls that way.
 