Watchguard Soho6 Firewall....HELP!!!

N/A

I have been using F9 Broadband for a while now, but I just bought a WatchGuard Soho6 Firewall (Hardware). Following the instructions in the manual, I've whacked the firewall in between my ADSL router and my network hub. The manual also told me to set my TCP/IP settings to use DHCP and to 'Obtain an IP address automatically', which I have done. My Internet connection still seems to work (according to the lights on the router), but I cannot connect to the Internet on my PC or even get to the router setup webpage or the firewall setup webpage stored in each device's internal memory!!!

Does anyone have any ideas what I'm doing wrong?
3 REPLIES
N/A

I'm not familiar with the product itself, but I would imagine it's of the type which would be known as a "Cable/DSL Firewall/Router". I have a similar device myself.

The important point to realise is that by introducing the device into your network, you've actually divided your home network into two separate networks, with the Firewall straddling the two (just as your ADSL router straddles two networks, the public Internet and your home network).

The diagram below gives an approximation of what I imagine your home network is now like:



The components may not be exactly right, but hopefully they correspond well enough to be able to talk meaningfully about them. You may not have a PC connected in the same way as the one marked "Server", so we'll pretend that one's not in the diagram, and the box labelled "Wireless" needs to be understood as meaning "Firewall" for it to make sense to you. The firewall is connected into your hub, and you'll have one or more PCs also connected to the hub, so logically the connections are as shown in the diagram -- the PCs are connected to one another and to the firewall via the hub.

So, assuming that's sufficiently close to your setup for you to recognise it, let's talk about it in more detail. The ADSL router has two IP addresses: the public one by which your whole network is known externally on the Internet at large, and a private one, its "LAN" interface, shown as "Private-1.1" in the diagram. This is to indicate that it's in your first private network, which is a different network from "Private-2", your other network, and the IP addresses used must indicate two separate networks.

The "LAN" interface of the ADSL router is connected by a network cable to the "WAN" interface of the firewall. Thus, they're in the same network, and they both have "Private-1" network addresses.

The "LAN" interface of the firewall, together with all the PCs are in a second network, and are given IP addresses which reflect this fact, shown as "Private-2" in the diagram.

Armed with this information, let's see how this works out in practice. I don't know the private IP addresses you like to use, so I'll make some up. You could use these if you like, or if you prefer, post with details of the ones you're using and we'll work with those.

OK, so I'll start with the private IP addresses for the network 192.168.0.0. This is a "Class C" network, which means the first three numbers of the address indicate the network, and the final number of the address indicates the particular host within that network, starting with "1". So, the first assignable address on this network is 192.168.0.1 and we'll assign that to the ADSL router's "LAN" interface. As we said, the firewall's "WAN" interface is in the same network, so it too must have a 192.168.0 address, and we'll assign it the second one, giving 192.168.0.2. The subnet mask for both of these is 255.255.255.0 (indicating the first three numbers are "network", the last one is "host"). For the Firewall, you'll also need to specify a default route (perhaps called a default gateway), and for this the address is the address of the ADSL router's LAN interface -- 192.168.0.1 in this scenario. If the firewall has an option for switching NAT on and off, switch it on.

Now we turn to the Firewall's "LAN" interface, and the PCs' network configurations. They're all in a separate private network, so they must not have 192.168.0 addresses -- we need a different network. 192.168.1 is a different network (the first three numbers indicate the network, and the third number is different, so it's a different network). The first assignable address in this network is 192.168.1.1, and we assign it to the firewall's "LAN" interface. Addresses 192.168.1.2, 192.168.1.3 and so on can be assigned to each of your PCs. Again, for all of these, the subnet mask is 255.255.255.0. For the PCs, specify a default route (default gateway) of 192.168.1.1 (ie the firewall's "LAN" address). Also, on the PCs, specify DNS servers of 212.159.13.49 and 212.159.13.50.

With this configuration, the PCs should be able to bring up the firewall's web pages by addressing 192.168.1.1, the ADSL router's web pages by addressing 192.168.0.1 and access Internet hosts by hostname as normal.

The setup should work using the addresses I've given, but if you prefer to use others (there are private networks with addresses starting 172, or network 10) please post, and we can sort some out.
N/A

Thanks for your reply....you're obviously an expert at this kind of thing! hehe

Ignoring the Firewall, I'm currently using:

Router LAN IP: 10.0.0.2
Router LAN Subnet: 255.0.0.0

PC IP: 10.0.0.3

I cannot currently access the settings for the firewall, but the Network Administrator at work has told me that I need to make sure that I set it to 'Automatically assign IP address'.....

Does this help?
N/A

Yes, it does help.

Network "10" is a "Class A" network, which means just the first byte ("number") of the IP address indicates the network, and the final three bytes indicate the host within the network. (Hence the 255.0.0.0 subnet mask, which actually implies no subnetting.) That allows an enormous number of hosts (getting on for 17 million) to be in the single network. If you want to use a Class A address, network 10 is the only one which is authorised for private use.

Since you've got two internal networks, you have a choice. You can use network 10 for one of them, and choose a different network number for the other, or instead of treating your home network as two separate networks, you can use subnetting to divide it into two subnets of a single network, which will enable you to use 10.<something> across your entire network. But the addresses still have to be used in a consistent manner, which means you will have to change one of the current addresses 10.0.0.2 or 10.0.0.3.

The natural subnet mask for network 10 is 255.0.0.0, which means the first number is the network component of the address, the remaining three the host number within that network. To use subnetting, you specify a subnet mask other than 255.0.0.0 -- the obvious ones are 255.255.0.0 or 255.255.255.0. The first allows you to specify 256 different subnets each of which can have up to 65,534 hosts; the second allows 65,536 subnets each with up to 254 hosts. Either should be ample for a home network!

Let's choose 255.255.0.0. This means the first two numbers in the address indicate the (sub)network component, and the last two the host number within that network. So, we can keep "10.0" for one of our subnets, but the other will have to change to 10.<something other than 0>. 10.1 would be perfectly legitimate, but I'm going to use "10.10". The next thing is to decide which subnet keeps the "10.0" addresses and which changes. I'll choose to keep the ADSL router as 10.0.0.2 (which means the PC won't be able to have 10.0.0.3). What is beyond doubt is we will have to change the subnet mask values throughout the network from 255.0.0.0 to 255.255.0.0.

So, on your ADSL router, change the subnet value on the LAN interface to 255.255.0.0. The IP address stays at 10.0.0.2 (what's using 10.0.0.1?). The "WAN" interface of the firewall can now use 10.0.0.<something other than 2>, possibly 10.0.0.1, or 10.0.0.3, you choose. If you're using DHCP to configure the "WAN" interface (personally I don't recommend it for one interface, but never mind), then the ADSL router will have to be set with appropriate DHCP server parameters: a start address of, say 10.0.0.3 and an end address of (say) 10.0.0.255 (the highest legitimate address you could use is 10.0.255.254). Default Route is 10.0.0.2 (the LAN address of the ADSL router).

Now for the "LAN" side of the firewall, and the PCs. The subnet mask throughout is 255.255.0.0. The "LAN" interface of the firewall could be set to 10.10.0.1, which means the PCs can then have 10.10.0.2, 10.10.0.3, etc up to 10.10.255.254 (on your 65,533rd PC!). The default route is 10.10.0.1 (the LAN address of the firewall). As before, the DNS values are 212.159.13.49 and 212.159.13.50.

With this arrangement, the firewall webpages should be reachable on 10.10.0.1, and the ADSL router's webpages on 10.0.0.2. Internet hosts should be accessible by name.
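
The checks both addressing plans in this thread rely on, as an added example that is not part of any post: each segment's interfaces must sit inside that segment's subnet, the gateway must be an address actually assigned on the segment, and the two segments on either side of the firewall must not overlap. The `seg` and `check_plan` helpers and the interface names are hypothetical; the two failing plans are constructed mistakes.

```python
import ipaddress as ip

def seg(mask, gateway, **hosts):
    """One Ethernet segment: subnet mask, default gateway, named interface addresses."""
    return {"mask": mask, "gateway": gateway, "hosts": hosts}

def check_plan(outer, inner):
    """outer = ADSL router LAN <-> firewall WAN; inner = firewall LAN <-> PCs.
    Returns a list of problems; an empty list means the plan is consistent."""
    problems, nets = [], []
    for label, s in (("outer", outer), ("inner", inner)):
        # Derive the segment's network from its gateway address and mask.
        net = ip.ip_network(f"{s['gateway']}/{s['mask']}", strict=False)
        nets.append(net)
        seen = {}
        for name, addr in s["hosts"].items():
            a = ip.ip_address(addr)
            if a not in net:
                problems.append(f"{label}: {name} {a} is outside {net}")
            elif a in (net.network_address, net.broadcast_address):
                problems.append(f"{label}: {name} {a} is not a usable host address in {net}")
            if a in seen:
                problems.append(f"{label}: {name} and {seen[a]} both use {a}")
            seen[a] = name
        if ip.ip_address(s["gateway"]) not in seen:
            problems.append(f"{label}: gateway {s['gateway']} is not assigned to any interface")
    # The firewall routes between the segments, so their networks must be distinct.
    if nets[0].overlaps(nets[1]):
        problems.append(f"segments overlap: {nets[0]} and {nets[1]}")
    return problems

# The two plans from the replies above (one PC each, first address suggested).
PLAN_192 = (seg("255.255.255.0", "192.168.0.1", router_lan="192.168.0.1", firewall_wan="192.168.0.2"),
            seg("255.255.255.0", "192.168.1.1", firewall_lan="192.168.1.1", pc1="192.168.1.2"))
PLAN_10 = (seg("255.255.0.0", "10.0.0.2", router_lan="10.0.0.2", firewall_wan="10.0.0.3"),
           seg("255.255.0.0", "10.10.0.1", firewall_lan="10.10.0.1", pc1="10.10.0.2"))
# Constructed mistakes: mask left at 255.0.0.0, and a PC left on its old 10.0.0.3 address.
OLD_MASK = (seg("255.0.0.0", "10.0.0.2", router_lan="10.0.0.2", firewall_wan="10.0.0.3"),
            seg("255.0.0.0", "10.10.0.1", firewall_lan="10.10.0.1", pc1="10.10.0.2"))
STALE_PC = (PLAN_10[0],
            seg("255.255.0.0", "10.10.0.1", firewall_lan="10.10.0.1", pc1="10.0.0.3"))

if __name__ == "__main__":
    for name, plan in (("192.168 plan", PLAN_192), ("10.x plan", PLAN_10),
                       ("old mask", OLD_MASK), ("stale PC", STALE_PC)):
        print(name, "->", check_plan(*plan) or "OK")
```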