New problem solver
•
2 Messages
Complex network setup- multiple WAN links- need advice
Hello all- I have a problem which I need advice on how to resolve. On my company's main network, we have a SonicWall enterprise firewall. It does automatic load balancing and failover between our 3 WAN links- Verizon, Business Only Broadband, and Comcast. All of this is working fine. The trouble comes in with a recent addition. I have added a pfSense firewall device using one of the static IPs in our range provided by Comcast. So, our Comcast Business Gateway has 2 firewalls connected behind it, one being pfSense, the other SonicWall. This pfSense box is meant for guest internet access, and wireless for mobile phones tablets and such.
Devices connected behind pfSense cannot connect to VPN and OWA which is hosted through the SonicWall device. Also I cannot ping the public IP address of any of the three WAN links, which is only the case for clients behind the pfSense firewall. Using our SBC Yahoo backup DSL line, I can ping all three links.
I'm guessing that if I disconnect the SonicWall from the Comcast Gateway, and reboot it, my trouble may go away. But for the sake of redundancy, I'd like to keep it connected and figure out a way around this issue. I did speak with Comcast Business Support, and they said the gateway device is limited, and he didn't know how to configure it to do what I'm needing. Any advice greatly appreciated!
Accepted Solution
garden_gnome
New problem solver
•
2 Messages
12 years ago
Right- I'm aware of the need to set up firewall rules. All my firewall rules are set up and working properly. I don't think you are understanding what I'm saying, so I'll try wording it differently:
Situation 1:
pfSense firewall is connected to Comcast gateway and using public IP x.x.x.37.
SonicWall firewall is *not* connected to Comcast gateway, but is internet connected using Verizon ISP connection.
Situation 2:
pfSense firewall is connected to Comcast gateway and using public IP x.x.x.37.
SonicWall firewall is connected to Comcast gateway using public IP x.x.x.35.
We are publishing email services through HTTPS on Sonicwall using the Verizon public IP, so they are not dependent on Comcast data service.
In #1, Client devices are connected behind pfSense firewall can connect to email services.
in #2, Client devices are connected behind pfSense firewall *cannot* connect to email services. I see this as a routing problem either in Comcast's gateway or further down the line in their network. Both firewalls have separate public IP addresses, so they should be able to communicate with each other, but it's not working. Can this be resolved?
0
0
Accepted Solution
CC_John
Retired Employee
•
1.9K Messages
12 years ago
Garden_nome. The scenario that you are describing, setting up a private network via public IP's on the WAN side of the gateway, is not possible on the WAN side of the Comcast gateway. On the Comcast SMC gateway that scenario will only work with on LAN DHCP side. Both devices will require a dynamic ip from the Comcast gateway.
0
0
CC_John
Retired Employee
•
1.9K Messages
12 years ago
Welcome garden_gnome. The Comcast gateways does not support routing to subnets behind the firewalls. It will route to static IP on the firewall only. Connections to devices behind the firewalls will have to be handled by forwarding rules in the firewall.
Thank you
0
0
CC_John
Retired Employee
•
1.9K Messages
12 years ago
Garden_Nome. Although the Comcast cable gateway is setup for WAN side routing only, you may be able to achieve the desired results with an alternate network setup.
“For a setup such as yours it really requires a customer owned router with multiple WAN interfaces (for each of your ISP connections). This would allow you to route traffic destined to particular ISP gateway as required. It also allows for LAN segmentation of your traffic in separate subnets to keep the Guest Internet network separated."
"The problem you are having is because the Comcast Gateway is giving you 1 subnet on the LAN side with X amount of host IP’s. These all fall into the same subnet and can only route through the 1 gateway address of that subnet. You essentially are trying to route 2 different networks in 1 subnet/network. You may as a cheap and quick way to get this working be able to add a layer 2 switch between the Comcast gateway router and “split” your LAN side connection to both firewalls. Both firewalls would still need to be addressed in the same subnet and have the same gateway address configured. This may or may not get the result you’re hoping for but may be worth a try”.
Let us know if we can be of further assistance.
Thank you
0
0