2 Posts
November 5th, 2018 07:00
PowerConnect 5548 VLAN Help - TMG is flooded with Broadcasts
Hello,
I am the administrator for a company that just migrated our complete On-Premise server infrastructure to the Microsoft Office 365 Cloud. Our TMG router had done very well with all of our needs for our internal servers. Now I have a single "One Rule to rule them all" rule that allows all outgoing protocols.
The problem I have now is that, because we are allowing ALL communications out of the router, the router is intercepting all of the broadcast traffic from our Windows 10 notebooks. We are being overwhelmed with IGMP, UPnP, and NetBIOS traffic that all seems to be destined for IP addresses that are not routable through the internet, but are also not part of our internal subnets. This flooding is tripping the flood protection of the firewall, with too many denied connections from a single IP. What happens then is that once the flood protection is tripped, it blocks all TCP traffic from that IP for 2 minutes. This is causing massive performance issues in our company.
From everything I have read, this should be easily accomplished by setting up a broadcast domain on a VLAN on the switch. Unfortunately, I have nearly no experience with managed switch configurations.
Our environment has a Forefront TMG router and two Dell PowerConnect 5548 switches. One switch is for our intranet, 192.168.192.0/24 - 255.255.255.0 - GW: 192.168.192.1, which is serviced by DHCP; the second switch is for our DEVnet, which is static and segmented, 192.168.195.0/29 - 255.255.255.248 - GW: 192.168.195.1. Each switch is connected to the firewall using fibre channel port 1 from each switch, connected to different interface adapters on the firewall.
Right now, both switches have EVERYTHING configured on the default VLAN 1, with a type of Access, including the firewall ports. From what I am reading on the forums, it seems that I should have the Firewall port configured as a Trunk, with all ports enabled.
I really could use some help with how I could configure the switches so that our TMG firewall does NOT see the broadcasts.
Thanks,
Nantuc
DELL-Josh Cr
Moderator
9.6K Posts
42.2K Points
November 5th, 2018 11:00
Hi,
VLANs and ACLs are the best way to segment the traffic. See page 98 of https://downloads.dell.com/manuals/common/powerconnect-5500-series_ug_en-us.pdf
Nantuc
2 Posts
November 7th, 2018 04:00
Hi Josh,
Thanks for the information. I read the PDF; however, I have zero experience with layer 3 switches. My experience is more on the server side of things. I really could use a bit of help with this configuration. Can someone help me through my specific needs to block broadcasts, multicasts, and UPnP requests being sent to our TMG firewall?
I just need to isolate all of this traffic from being sent to the Ingress port for the firewall.
Thanks,
Kevin