atcomsystems.ca/forum Forums VOIP Phones & IP PBX Networking help with setting up a firewall

I need to setup a firewall on my home network. I am starting to do some Trixbox work and some remote access to one of my desktops. I have a PIX 501 firewall and a Watchguard Firebox Soho 6.

I would prefer to use the Firebox. I have a range of public IPs from my ISP. I am running a highspeed DSL. That is about as far as I got. Does the firewall need its own IP address?

Thanks for the help in advance.

I would recommend using the PIX, but I am I little biased because I think Cisco makes great routers.

The IP address assigned to the router will be your Public IP for most of your outbound traffic on your network.

Below is an example -

Router Internal IP: 192.168.1.254
Router External IP: 69.29.54.221

Trixbox Internal IP: 192.168.1.201

Because you have multiple IP address from ISP, you can assign the next available Public IP to the Trixbox.

Trixbox External IP: 69.29.54.222

Now, if you are using the Pix, you have a couple of options. You can open up the router so ALL traffic from 69.29.54.222 goes to 192.168.1.201 or you can open specific ports, such as port 5060 for SIP.

I don't have the PIX handy, but I might try to get it. I have tried setting up the Firebox, but it doesn't want to work. I setup a static IP on the DSL modem. I turned off DHCP, and set another static IP on the firewall with all the same settings as far as subnet, gateway, etc...
I even left the trusted IP settings alone.

it won't connect to the internet. I am at a loss as to what I am doing wrong. When I plug the firewall between the DSL modem and the switch, I can't access either the firewall or the DSL modem from any computer, whether that computer is set for DHCP, or whether it is a static IP address.

Does the watchguard support ppoa authentication? If so i would set up the dsl modem in bridged mode and let the wg authenticate with the isp.

I have a feeling you are trying to assign one of the routable ip the dsl company gave to the wan side of the wg, which is sitting behind the modem. This is not going to work if the modem is doing the authentication.

Okay, I will look into that. The DSL modem has a built in firewall as well. Maybe I am making this thing too complicated. I have heard that the built in firewalls aren't very good, but for a home network? It has some fields for port forwarding and traffic blocking. Its a Qwest Q100 modem from ZyXel

Trust me. Put the dsl modem into bridge mode that way it emulates a "dumb" modem like the cable companies use. This will prevent you from having to configure two routers with firewalls, alleviating headaches and troubleshooting. However this is only going to work if your router supports ppoa/ppoe.

I will have to check the Watchguard documentation. I will have to see how to put the modem in bridged mode. I didn't see anything in the settings, but maybe it's hidden.

I think it's funny... we (telephone guys) get upset when an IT person wants to do our job, but when it's something IT related... we still want to do the work.

Setting up either router and putting the modem into bridged mode isn't very hard, but if you want it to work right the first time I'd suggest letting an experienced IT person do the work.

https://www.qwest.com/internethelp/modems/q100/modemDetail_q100_advanced.html

click on bridging and follow the guide.

You'll then need to plug in your PPPoE [email protected] and your password into your Watchguard or Cisco. That should get either firewall online and eliminate complexity of having 2 firewalls, double NAT, 2x port forwarding, etc.

(I tip my hat at Qwest for providing easy to follow instructions on how to do this on all of their hardware. I wish all ISPs did this.)

I don't know if the Watchguard had issues or what, but it wasn't working for me. So I decided to use the built in firewall on the Qwest Modem, and it seems to work rather well. It has several levels of protection, and it is very customizable.