Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

MPLS Network Setup

Hi Guys...

I am new to the XG Platform but fairly familiar with UTM 9.  I have to say that XG is a step back,  not a step forward as there are far too many missing things...

I an also new to MPLS networks which is proving to be a stumbling block.

Scenario is such...  Seacom 200MB fibre MPLS link on a XG210 Firewall.  I got a Gateway and usable IP on a /30 subnet and a block of public IP Addresses on /28 network.  I need to configure the UTM so that port 2 had 4 public addresses and port 4 has the remaining addresses as the traffic will be split between 2 companies in the same group.

Does anyone know how to set this up?

Thanks



This thread was automatically locked due to age.
Parents
  • WernerRolfe,

    can you explain more in depth what you are trying to achieve?
    Do you have 2 gateways?
    Can you upload a network map/draw?

    Luk
  • Hi Luk...

    Here is the info I got from the ISP ( Addresses changed for security reasons )

    IPv4 PtP block 176.55.38.92/30

    IPv4 SEACOM 176.55.38.93

    IPv4 Client 176.55.38.94

    IPv4 Onward Assignment 176.63.171.160/28

    IPv4 DNS IPs 41.87.126.254 and 41.87.127.254

    I am not good with pictures ( although attached ),  so I hope the wording paints a portrait.

    At present,  Port 1 is my LAN Link and port 2 is my WAN Link.  WAN is configured with 176.55.38.94 with default gateway being 93

    There is 2 departments who will make use of the line,  and the /28 ip block must be divided 4/12 and to add insult to injury,  the addresses is to be available as a public address ( connect server lan directly to port and have addresses available to servers as public addresses without Port Forwarding )

    If I need to have 2 gateways, then so be it as I know I will loose 2 addresses in the process.

    Hope this explains it in more details

  • WernerRolfe,

    maybe you forgot the attachment. Anyway if I understand correctly, you are trying to achive a DMZ using Public IP instead private IP (so NAT is needed from WAN TO DMZ).

    To splic a network, you need a Layer 3 device, so you will lose IPs (2 for each subnet).

    What you can do is to request to your ISP to split the Public Network ranges they gave to you where the first range will go to your public router/firewall and the second range will go to your DMZ network card.

    Call you ISP and ask them to split the Public IPs you have and you would like to create a DMZ using Public Ips.


    Have a look at this old picture. Here the Firewall has 3 NICS:

    • one for WAN where it has Wan Router as its gateway;
    • second nic for DMZ where it does not have any default gateway
    • third NIC for internal network

    Talk with your ISP.


    Hope this helps!

    Luk

Reply
  • WernerRolfe,

    maybe you forgot the attachment. Anyway if I understand correctly, you are trying to achive a DMZ using Public IP instead private IP (so NAT is needed from WAN TO DMZ).

    To splic a network, you need a Layer 3 device, so you will lose IPs (2 for each subnet).

    What you can do is to request to your ISP to split the Public Network ranges they gave to you where the first range will go to your public router/firewall and the second range will go to your DMZ network card.

    Call you ISP and ask them to split the Public IPs you have and you would like to create a DMZ using Public Ips.


    Have a look at this old picture. Here the Firewall has 3 NICS:

    • one for WAN where it has Wan Router as its gateway;
    • second nic for DMZ where it does not have any default gateway
    • third NIC for internal network

    Talk with your ISP.


    Hope this helps!

    Luk

Children