
Topic: Urgent help needed to configure DFL-1660 and DFL-260e

lucifer-tas

« on: March 05, 2013, 03:38:37 PM »

We're trying to join 2 LAN networks. One network is 192.168.5.x/24 and the other is 192.168.10.x/24.
They have a 5.8GHz P2P RF link between them which has address 192.168.105.x/24 (One side has NanoBridge at 192.168.105.201 and Rocket M5 on other side is 192.168.105.202). I wanted to connect this onto the 2 DMZ interfaces between the firewalls which would be 192.168.105.200 and 192.168.105.203 (So it's DFL1660 DMZ = 192.168.105.203  ->  RocketM5 = 192.168.105.203  ->  NanoBridgeM5 = 192.168.105.201  ->  DFL-260e DMZ = 192.168.105.200 and of course traffic flows in both directions, arrows just show joins, not direction).
Both LAN networks have their own modem connection to the Internet with one modem being 192.168.205.201 and the other is 192.168.210.201. Modems handle all the authentication at this stage. The WAN ports on the firewalls are 192.168.205.200 and 192.168.210.200. Internet traffic should not go over the DMZ link.
The computers on the 192.168.10.x/24 network (192.168.10.1 - 192.168.10.10) need to be able to connect to the AD domain controller at 192.168.5.1 and RDP to the server 192.168.5.2 and it would be good if they can connect to the database server at 192.168.5.3.
There is also a 3CX phone system bridge between the 2 3CX computers (192.168.5.100 and 192.168.10.100). They use these ports: TCP 4515, TCP 5000, UDP 9000-9049.
There is also a NAS box at 192.168.10.10 which would be good if it could be accessed from the 192.168.5.x network (as a network shared drive).
If it makes it any clearer, I'm preparing a diagram at the moment.

That's all I'm trying to configure at the moment but eventually we're looking at Internet failover using the DMZ link, VPN failover using the WAN if the DMZ link drops, and traffic prioritising over the links so database and phone traffic has priority over Internet traffic (when using failover). At this stage I just need the basics and the failover stuff can be done later - I'm just mentioning it in case it makes a difference to the fundamentals.

chechito

« Reply #1 on: March 07, 2013, 08:10:59 PM »

Please post some type of topology image to clarify your scenario.

lucifer-tas

« Reply #2 on: April 06, 2013, 10:19:10 PM »

After an intense few weeks of network setup I've finally gotten enough free time to draw up the network diagram.



There's an obvious error in my previous post in the IP addressing of the link but it's correct in this diagram - the same goes for any other conflicts; the network diagram has priority.
By setting the firewalls to allow everything, setting everything in the access section to allow traffic into the interfaces, setting all routing rules to proxy arp, and setting a couple of manual ARP publishes (and then saving config, factory reset and reload config which seemed to help) I was able to get a computer on the .10.x network to RDP to a computer on the .5.x network across a simulated .105.x link network (which in the lab consisted of just a patch lead between the DMZ ports of both firewalls).
If anyone can provide a more minimal config rather than just using the firewalls as expensive routers, that would be good.
At the moment, it's just a matter of getting the .10.x network and .5.x networks to talk to each other through the .105.x P2P link network and getting Internet traffic at both sites to go through the modems (in either bridged mode with the firewalls authenticating and NATing or letting the modems do this - whatever is easier and gets it working).
Can someone please help me so I don't lose any more hair over this?

Also on a side note, if the firewall logs show connection open and no traffic comes back through the firewall (between 2 networks like DMZ and LAN for instance), does that usually mean a default gateway problem on one of the computers? The firewall shows no other error messages or IP Rule drop messages.

Thanks in advance.
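An added example, not part of the thread and not NetDefendOS configuration: a default-deny allow-list for the DMZ link, modelled in Python, as a tighter alternative to the "allow everything" lab setup described above. It covers only the flows from the first post whose ports are known (RDP to 192.168.5.2 on the default TCP 3389, and the 3CX bridge ports); the rule layout, function names and sample flows are constructed for illustration, addresses are as written in the first post, and the AD, database and NAS flows are left out because the thread does not give their ports.

```python
from ipaddress import ip_address as ip

# Addresses below are taken from the first post; the tuple layout is this example's own.
PCS = ("192.168.10.1", "192.168.10.10")            # remote-site workstations
PBX_A, PBX_B = "192.168.5.100", "192.168.10.100"   # the two 3CX hosts

def _bridge(proto, lo, hi):
    """3CX bridge rule in both directions between the two PBX hosts."""
    return [((a, a), (b, b), proto, lo, hi)
            for a, b in ((PBX_A, PBX_B), (PBX_B, PBX_A))]

# (src range, dst range, protocol, first port, last port)
RULES = [(PCS, ("192.168.5.2", "192.168.5.2"), "tcp", 3389, 3389)]  # RDP, default port
RULES += _bridge("tcp", 4515, 4515) + _bridge("tcp", 5000, 5000)
RULES += _bridge("udp", 9000, 9049)

def _in(addr, rng):
    """True if addr lies inside the inclusive address range rng."""
    return ip(rng[0]) <= ip(addr) <= ip(rng[1])

def allowed(src, dst, proto, dport):
    """True if a new connection matches a rule; everything else is dropped.
    Only connection-opening packets are modelled; a stateful firewall
    passes the replies of an allowed connection on its own."""
    return any(_in(src, s) and _in(dst, d) and proto == p and lo <= dport <= hi
               for s, d, p, lo, hi in RULES)

def audit(flows):
    """Return the flows that the allow-list would drop."""
    return [f for f in flows if not allowed(*f)]

# Constructed sample flows across the 192.168.105.x link (not captured traffic).
SAMPLE = [
    ("192.168.10.4", "192.168.5.2", "tcp", 3389),      # workstation RDP
    ("192.168.10.100", "192.168.5.100", "udp", 9020),  # inside the 3CX UDP range
    ("192.168.5.100", "192.168.10.100", "tcp", 5000),  # 3CX bridge, other direction
    ("192.168.10.4", "192.168.5.2", "tcp", 445),       # port not requested
    ("192.168.10.50", "192.168.5.2", "tcp", 3389),     # source outside .1-.10
    ("192.168.10.4", "203.0.113.7", "udp", 53),        # Internet traffic on the link
]

if __name__ == "__main__":
    for flow in audit(SAMPLE):
        print("DROP", flow)
```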