Connection to internet from my Core 4948 with Firewall cyberoam and my router 2901

Glozano70 · ‎09-21-2016

Good Morning

I have a WSC4948 as my Core, where i have all my Vlans created, right now is working normal, with a gateway to my router 2901

Router 2901

interface GigabitEthernet0/1

network LAN

ip address XX.XX.8.1 255.255.248.0

interface GigabitEthernet0/0

network to Internet

ip address YY.YY.180.11 255.255.255.240

ip route 0.0.0.0 0.0.0.0 YY.YY.180.1

Core WSC4948

interface Vlan1
ip address XX.XX.9.20 255.255.248.0

ip default-gateway XX.XX.8.1
ip route 0.0.0.0 0.0.0.0 XX.XX.8.1

This is the actual configuration and everything is working ok

But now, my boss want to put a firewall between this 2 equipments, a cyberoam

we already configured this firewall with the follow IPs

For LAN

Port A

ip address XX.XX.8.18 255.255.248.0

For the public IP

Port B

ip address YY.YY.180.9 255.255.255.240

and change in my coreWSC4948 the gateway for this

ip default-gateway XX.XX.8.18
ip route 0.0.0.0 0.0.0.0 XX.XX.8.18

We can see all the traffic from all the VLANs created in the core in the firewall cyberoam,

but they can´t get out to internet, just only work with the LAN.

and when i change the gateway in the Core from

ip default-gateway XX.XX.8.18
ip route 0.0.0.0 0.0.0.0 XX.XX.8.18

to the original

ip default-gateway XX.XX.8.1
ip route 0.0.0.0 0.0.0.0 XX.XX.8.1

everybody have Internet, but avoid the firewall

My question it is, Is something that am missing to configured in the Core or in the Router?

Thank you, for your Help

chinmoy.boruah1 · ‎09-22-2016

Hi,

Problem here is basically with the routing part in between inside and outside facing ports in cyberoam.

As you could see that its not routing your packets from XX.XX.8.18 /20 to YY.YY.180.9 /28. Your firewall is probably working in bridged mode. Configure it to work in routing mode.