  1. #1
    Newbie
    Join Date
    Aug 2012
    Posts
    1

    beyond the quickstart and FAQ

    All, sorry for asking newbie questions but I just installed the lite version this morning, so one cannot be more newbie than me. I left the NICs disconnected for now to avoid breaking stuff since I clearly do not know what I am doing.

    I read the sticky and have a drawing attached but the network is simple enough it should not be needed.

    NETWORK:
    • I have a network with an existing router; it has a single WAN and single LAN port. I do not have access to the configuration; the ISP manages it.
    • The LAN port is connected to the firewall's external NIC with a "crossover" cable.
    • The firewall has 5 internal connections, 2 of which are not used; the three active interfaces are the core/wifi/dmz subnets.
    • The untangle box only has two NICs, I can add more later but want to focus on the core subnet for the testing period.
    • The default gateway for the core subnet is on the switch not the firewall.
    • The firewall (Cisco PIX with ASA code) has failover enabled.
    • Firewall internal address is 192.168.0.1, default gateway for all nodes is 192.168.0.101.


    QUESTIONS:
    • Instructions say to connect the external port on untangle to the firewall, where/how, unused port, crossover cable? That seems wrong to me, wouldn't it make more sense to direct outbound traffic from the switch (also gateway remember) to the untangle-internal NIC and have untangle work as a router/firewall having 192.168.0.1 be the gateway on untangle-external NIC? As long as the external NIC is on the same subnet as the PIX internal couldn't they both be connected to the switch?
    • Does untangle understand failover? By adding more NICs to the untangle server I could connect it to both firewalls, but since they are both currently connected to the switch you can see one reason why I'd like to have the untangle-external connect to the switch as well instead of physically to the firewall(s).
    • In order to avoid breaking anything I'd like to start this in passive mode, just have it look/monitor without blocking anything until I'm sure it is working correctly, is there a provision for that?
    Last edited by Edbert; 08-09-2012 at 09:17 AM.
