4. Connection Switch L3 and Firewall

Connection Switch L3 and Firewall

  • R

    Hello everyone!
    I hope someone can help me with my configuration…Below you can see it:

    firewall:
                  ip lan:  192.168.0.1/24
                  vlan68: 192.168.68.0/24
                  vlan69: 192.168.69.0/24
                  ip wan:  10.2.X.X/24 default gateway 10.2.x.x/24
    lan port connected with port 5 switch
    rules  lan/vlan68/vlan69 any any (just at moment...)

    switch L3:
                  ip lan: 192.168.0.3/24
                  vlan68: 192.168.68.0/24
                  vlan69: 192.168.69.0/24
    port 5 switch tagged for these vlan (68 and 69)
    default gateway 192.168.0.1

    If I ping from switch (192.168.0.3) to 8.8.8.8 is fine!
    ..........................................with source ip 192.168.68.x and 192.168.69.x to 8.8.8.8 not works...(:

    I hope someone can help me and thanks in advance!!!
    bye

    0
  • LAYER 8 Netgate

    You are calling it an L3 switch, but it looks like you are using it as an L2 switch. Or you're trying to do both which is nonsensical.

    A Layer 3 switch is just a router. A layer 3 switch VLAN without a VIF/SVI on it is just a Layer 2 switch.

    Need to know what, exactly, you are trying to do.


    0
  • R

    Hello Derelict,
    thank you for your answer I confirm the switch is configured as layer 3 and I created interface vlan with ip address for each vlan.
    from your answer I understand that I have downgrade the switch in layer 2 and probably it will be fixed.

    Thank you very much for you help!
    Bye

    0
  • LAYER 8 Netgate

    There is nothing wrong with using the layer 3 capabilities of your Layer 3 switch to route packets if that's what you want to do.

    But if you want to use the firewall capabilities of pfSense between the VLANs then you really only need a Layer 2 switch and should not be putting VIF/SVI on the switch itself on that VLAN. That will make all traffic have to go though the firewall to get from VLAN to VLAN.

    You can do both but it's pretty much one or the other per VLAN.

    0
  • R

    thank you again, to finish my explanation…still I have home router (no manage inter-vlan) so long time ago I bought switch Layer 3 to create different
    subnet for each department in my office.
    In few days I want to replace my router with the firewall and I thought to keep the same configuration for switch (it's a pity downgrade to L2)
    and the setup properly the firewall but I see nosense...

    bye

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy