Unsolved

6 Posts

September 19th, 2018 17:00

Dell N3048 Default gateway to firewall

A recent firewall update flags most of my internal traffic as spoofing. On my Dell N3048 I can see where my "Default" route goes to the firewall. All the traffic on this route seems to get tagged with the default VLAN according to my firewall. So VLAN 10 is subnet 192.168.10.0 with the firewall IP as 192.168.10.3. The default route on the Dell N3048 is 0.0.0.0 0.0.0.0 192.168.10.3. My other VLAN, 20, is 192.168.20.0 and uses that same default gateway. My firewall shows all traffic from 192.168.20.0 as VLAN 10. Is there a way to create multiple gateways to my firewall to make sure it is tagged correctly? Or is this not possible with the N3048? I have a bunch more VLANs so using a different port for each VLAN on the firewall is out. All traffic functions correctly when I turn off blocking spoofing on my firewall.

September 20th, 2018 08:00

The port between the Dell switch and Watchguard (M400 with latest update) firewall is a Trunk with all the VLANs allowed through it. The Watchguard has a VLAN port configured with each VLAN included and each VLAN has an IP address. So the Dell N3048 uses one of the Watchguard VLAN IP addresses as the "Default" route/gateway. According to the Watchguard all traffic gets stamped with the Default route/gateway's VLAN. I have tested this by changing the Default route/gateway on the Dell N3048 and see the VLAN traffic on the Watchguard match this change.

September 20th, 2018 09:00

I did try that, but it didn't seem to work. When I created these additional routes they are a type "Static". This type has a lower Preference than Default so I think it will use the Default anyway. I believe I tried removing the Default route and left just Static and it didn't work. I will try that again though.

September 21st, 2018 13:00

I created the routes:

192.168.10.0 255.255.255.0 192.168.10.3

192.168.20.0 255.255.255.0 192.168.20.3

and it didn't work (no internet access or couldn't ping the .3). Keep in mind there are "Local" routes that are, I believe, auto-created when adding a VLAN that are:

192.168.10.0 255.255.255.0 192.168.10.1

192.168.20.0 255.255.255.0 192.168.20.1

These routes have a lower preference. 

I also tried 

0.0.0.0 0.0.0.0 192.168.10.3 VLAN 10

0.0.0.0 0.0.0.0 192.168.20.3 VLAN 20

This allowed internet access, but looking at traffic in my Watchguard I see traffic going out either VLAN. Some traffic is stamped VLAN 10 and some traffic VLAN 20.
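
A simplified model of the behaviour reported in this thread, added here as an illustration and not taken from any poster, Dell or WatchGuard. It assumes the firewall applies a strict per-interface source check and that the switch picks between two default routes by a flow hash; the host addresses ending in .50 are constructed.

```python
import ipaddress

# Subnets per VLAN, from the thread (the same on the switch and the firewall).
FIREWALL_VLANS = {
    10: ipaddress.ip_network("192.168.10.0/24"),
    20: ipaddress.ip_network("192.168.20.0/24"),
}

def vlan_of(ip):
    """Return the VLAN whose subnet contains ip, or None if none does."""
    addr = ipaddress.ip_address(ip)
    for vlan, net in FIREWALL_VLANS.items():
        if addr in net:
            return vlan
    return None

def switch_egress_vlan(default_next_hops, flow_hash=0):
    """VLAN tag on a packet the switch routes toward the internet.

    The frame leaves on the VLAN of the chosen next hop, not the VLAN of the
    host that sent it. With several default routes the pick is modelled as
    hash-based (assumption, consistent with the mixed tagging reported).
    """
    next_hop = default_next_hops[flow_hash % len(default_next_hops)]
    return vlan_of(next_hop)

def flagged_as_spoofed(src_ip, ingress_vlan):
    """Assumed strict check: a source inside a connected subnet must arrive
    on that subnet's VLAN interface. Other sources are not modelled."""
    expected = vlan_of(src_ip)
    return expected is not None and expected != ingress_vlan

def simulate(src_ip, default_next_hops, flow_hash=0):
    """Return (ingress VLAN seen by the firewall, flagged?) for one packet."""
    vlan = switch_egress_vlan(default_next_hops, flow_hash)
    return vlan, flagged_as_spoofed(src_ip, vlan)

if __name__ == "__main__":
    hosts = ["192.168.10.50", "192.168.20.50"]  # constructed host addresses
    single = ["192.168.10.3"]                   # default route in the first post
    dual = ["192.168.10.3", "192.168.20.3"]     # two defaults from the last post
    for host in hosts:
        print(host, "single default:", simulate(host, single))
        for h in (0, 1):
            print(host, "dual defaults, hash", h, simulate(host, dual, h))
```

In this model the single default route makes every routed VLAN 20 packet arrive tagged VLAN 10 and get flagged, while two default routes only move the mismatch around: whichever next hop is chosen, hosts from the other VLAN are flagged.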
