LinkBack URL
About LinkBacksNo make sense, from your first post (without drawingOriginally Posted by don_bedlam
) the "alias" is make in the firewall, only broad the subnet should be fine.
No make sense, from your first post (without drawing
The world is divided into 10 kinds of people, who know binary and those not
One of those "need a Visio" guys?No make sense, from your first post (without drawing
I will try it both ways.
Sorry, NFG, same thing. In fact I could not even get to the Untangle web interface by typing the IP address.
Anything else?
I do have one other internal network, but it is just for my phones, and it does not need outside access. Should I have to change the subnet just because it exisits?
You won't need the alias if you widen the range. Widening the range only works because you have contiguous IP blocks internally. If you had different IP blocks you'd have to make aliases. But to be honest at that point you're starting to reach into the black hole that is Untangle's bridging that is affected by routing...
There are times when a bridge is harder to integrate with a network than a router. Any network with more than one IP range IMHO, should use a router. Troubleshooting is easier for those new to Untangle. Even if it does require network restructuring to work.
Rob Sandling, BS:SWE, MCP
NexgenAppliances.com
Phone: 866-794-8879 x201
Email: support@nexgenappliances.com
Thanks for the info. I am not about to restructure the network for an evaluation. I guess I will have to look elsewhere for a solution if no one here can help.
On a network that complex I suggest you contact a local reseller, or Untangle support. There is no such thing as a drop in "eval" for multi-segment networks. And you don't have the training. You can get the training over time sure, but something you're doing is goofing it up. All of your 192.168 networks should be passing through that Untangle bridge without issue if Untangle has a 192.168.x.x/16 address. It's the stuff that isn't 192.168.x.x that presents the issue.
Rob Sandling, BS:SWE, MCP
NexgenAppliances.com
Phone: 866-794-8879 x201
Email: support@nexgenappliances.com
I have a sneaking suspicion that his "core switch" is not a switch but a router.
If you're thinking of buying anything, get in touch with a sales rep and they can get you some pre-sales support.
You have three separate subnets on your "internal" that you're bridging through the Untnagle. That isn't a valid configuration.
You'll need to accurately describe your network (logical network diagram and a physical) for anyone to be able to help you.
m.
<BR>
Big Frickin Disclaimer:
While I'm pretty sure, I can't guarantee that I know what I'm doing. There might be a better way to do this, and this way might actually suck. Make sure you understand the implications of what you're doing before trying to follow these directions.<BR>It often helps troubleshooting if you have a good network map. Look <A HREF="http://forums.untangle.com/tip-day/5407-how-draw-network-diagram.html">here</A> if you want my advice on how to draw one. <BR> <B>Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
If you need Untangle support please call or email support@untangle.com<B>
My core switch is a swtich, an HP Procurve. I have a Watchguard firewall on the other side of the Untangle.
All I want is something I can use to monitor internet usage and produce reports as to what is being used and how much. I do not need or want any of the other featrures except perhaps the VPN.
Our firewall was not licensed for the feature of tracking and reporting, and is now an unsupported model so I cannot even purchase that. I cannot get approval to replace the firewall.
I am expected to provide a free solution for this as my boss wants the reports but will not give any money to the solution.
Untangled was recommended, but I does not look like it will work.
So still no ideas other than I need to draw a picture? I have accurately described my network, I do not know what else I can do to get help.
BTW, I am also trying out pfsense, in bridge mode, and it works. The reporting is not as nice.
PFSense is based on FreeBSD and provides a full layer 2 bridge.
Untangle is based on Linux and provides a full layer 2 bridge, with exceptions. Packets that go into the UVM are no longer bridged, but routed. So in some cases layer 2 is maintained, in others it is not. This causes issues with more advanced networking equipment. It also imposes additional configuration that other bridge devices don't require.
Untangle will work in your case, you must disable ARP defenses in the Procurve, and the Watchguard, then install Untangle with the /16 netmask as described and it should simply work.
As for the rest, your boss is being very unreasonable. There is no such thing as "free" for a network of that size. Either you're going to pay in time to figure it out, or you're going to pay for a product that works. Untangle gives you the option of doing both. But you aren't going to get it to work without considerable time spent on your part experimenting.
Untangle can support your network. The problem at this point is that you cannot support Untangle on your network. Is it worth your time to over come that?
Rob Sandling, BS:SWE, MCP
NexgenAppliances.com
Phone: 866-794-8879 x201
Email: support@nexgenappliances.com
Posting Permissions
