We are only telling the firewall which interface to communicate on for traffic directed to the Untangle. Keep in mind that the rules created in the previous article control traffic routing between VLANs, so this is not really an issue. Once this is complete and you have finished the instructions above, you can click on the Port Forwards tab and add the rules to allow traffic to flow to the appropriate services on your internal network.Īt first glance, this configuration appears to be insecure because you are granting access to all VLANs from the one internal interface. If you have multiple public IP addresses, these will also need to be added individually on the External interface. Click on Save in the lower right corner of the window to save your settings. Repeat steps 4 and 5 until all subnets have been entered.ħ. Enter the network range for each subnet you wish to add including VLAN1.Ħ. In the top section next to IP Addresses, click Add.ĥ. Under the Interfaces tab, edit the internal interface.Ĥ. If you are unable to launch the client remotely, it is probably because you are coming from a different subnet and will need to configure the firewall locally.ģ. This can be done through a browser and does not need to be done on the local box. Log on to your Untangle Administration Portal and click on the Config tab. Rather than assigning a specific address for each subnet, we are able to configure the entire IP space in this area.ġ. There is, however, the option of configuring additional IP addresses for the interface. This causes the firewall to be able to communicate only with devices on the same subnet. The problem arises in that the Untangle traditionally only has one IP on its internal interface. All traffic to other local subnets is blocked to the extent that users on this subnet have a similar experience to what they would have from any other internet connection in the world. VLAN4 192.168.4.0 – This network was designed for guest access to internet resources. VLAN3 192.168.3.0 – All workstations are connected to this VLAN. VLAN2 192.168.2.0 – This VLAN handles all inter-server communications. No private network traffic occurs on this segment. VLAN1 192.168.1.0 – This VLAN handles all traffic intended for the internet whether incoming or outgoing. The end result of the previous article was a network configured with four VLANs. It would be wise to review that article before continuing with this discussion. For the sake of this discussion, I am going to build upon the discussion in the previous article located here and only focus on the configuration of Untangle to meet the needs of the network designed in that article.
One solution would be to revert back to a single subnet however, we would lose the benefits of network segmentation that reduces collisions and optimizes our network performance. I have however found a workaround that functions perfectly in my environment without compromising security or efficiency. However, things have changed on my network as they often do and we are now utilizing an Untangle firewall which does not currently support the use of VLANs. I did not go into detail on firewall configuration because this was not necessary for me at the time using a PIX 515e.
#Configure untangle firewall how to#
Some time ago, I wrote an article giving an overview of how to configure VLANs on a Cisco Catalyst 3550.
0 kommentar(er)
