HP2524 - Can I make this work?

Status
Not open for further replies.
Dec 17, 2005
Hi, I am trying to configure my HP Procurve 2524 to do something, but maybe it's not actually capable. Here's the situation:

- Internet comes from ISP to a router
- from router is connected to an HP Procurve 2524
- 1 connection goes to our DNS servers, another goes to a Fortigate 800 Firewall which is in transparent mode
- From the Fortigate I connect to another HP procurve 2524 which feeds the rest of the internet connections for my servers. Neither of the Procurves are VLAN'd at this point
- What I would like to do is use the 1st 2524 to provide both the 'pre firewall' and 'post firewall' connections. I set up a 2nd VLAN and assigned ports 7-26 (untagged) to it and set it so that VLAN 1 was set to forbid on 7-26. I then connected from the Fortigate output to port 24 on the switch, and attempted to connect one of my servers. However, I get no internet at all. I thought that I was just doing something wrong but I haven't been able to find an explanation on how to do what I want. For now I'm back with my original configuration, but I'd like very much to reclaim that 2nd 2524 because I'm not using enough connections that I need both physical switches.

I've spoken to one person who says I will not be able to do what I want to because the 2524 is only a layer 2 routing device, and that I need a layer 3 routing device to do this. Is this correct? If not, can anyone give me some advice on how to make this work?
 
To my thinking, what you're trying to do should work. From the pre VLAN can you ping the pre port of the fortigate? From the post VLAN can you ping the post port of the fortigate?

Chapter 9 of the 2524 Mgmt and Config Guide gives a very thorough treatment on VLAN configuration. I believe the pre and post ports of the Fortigate will have to be on separate IP subnets.

hth.

"We must fall back upon the old axiom that when all other contingencies fail, whatever remains, however improbable, must be the truth." - Sherlock Holmes

 