Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Multiple Internet Connections

Status
Not open for further replies.
cjkenworthy

cjkenworthy

Programmer
Sep 13, 2002
237
0
0
GB
Has anyone had any experience of using multiple internet connections (in our case 2 ADSL lines) with a Watchguard Firebox?

At the moment, we have a firebox III/700, and a single ADSL router hanging off the External port and want to add another ADSL connection.

Is it possible to maintain the firewalling, and do some clever NAT to control which internal PCs use which connection? Can the optional port be used as another external interface?

Thanks.
 
Sort by date Sort by votes
I am looking forward to some help with your question too. We have just added an additonal T-1 from a different vendor. The additional T-1 is to be only used to access our hosted database over the internet.
 
Upvote 0 Downvote
I got a response of our reseller and found out that it may be possible to 'reverse' the flow of traffic over the 'Optional' port on the firebox, using NAT and some clever rules. The reseller told me that this is not explicitly supported by Watchguard. I have however put down a few of my ideas below.

Another option (just an idea) is to plug a cable from the 'External' port to a switch, then have the two gateways (or multiple gateways) connected to the same switch. Configure some routes in the Firebox control panel (under 'Network > Routes...') you could specify the gateway for any outgoing traffic to a specified IP address, but this relates more to our specific problem. In effect this offers multiple gateways to the firebox

Perhaps take a look at at getting a load balancing router, which can handle packet filtering for your inbound connections. One I was looking at is a Neteyes C200 There are others on the Internet.

If it is just incoming conections directly to one database server, then why not just connect the connection directly to the server with a software firewall (suicide but cheap), or buy a cheap SOHO firewall to protect the server.

Hope this gives you some ideas.

Chris
 
Upvote 0 Downvote
Thank You for your ideas. I think that I will try to connect the multiple gateways using a switch. Our T-1's are from different vendors therefore different networks. Are there any issues that you know of connecting the T-1's from different vendors and the external port to the same switch?
 
Upvote 0 Downvote
Providing each T-1 gateway has a different IP address, it should not matter.

I presume, like us, you have a router as a gateway at the connection with the T-1 circuit. We use an ADSL modem router as the gateway. It sits there exposing an IP address (public, but could be private), the firebox then delivers traffic to that IP address. So there is no reason why a switch cannot sit in between them, it would be just like a small LAN.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

steve56k
  • Locked
  • Question
Number of connections for VPN tunnel
Replies
0
Views
48
steve56k
steve56k
RodneyMcSnow
  • Locked
  • Question
Windows 8.1 PRO has to open connections when NETSTAT is used.
Replies
0
Views
66
RodneyMcSnow
RodneyMcSnow
rjwaunakee
  • Locked
  • Question
Allow Connections with Domain Names
Replies
0
Views
54
rjwaunakee
rjwaunakee
brk1221
  • Locked
  • Question
Change multiple addresses on an ASA 5510
Replies
5
Views
117
iggsterman
iggsterman
RMurr34
  • Locked
  • Question
No Internet Access if no static map
Replies
0
Views
43
RMurr34
RMurr34

Part and Inventory Search

Sponsor

Back
Top