Products Firewalla Gold Firewalla Purple Firewalla Blue Plus Firewalla Red Firewalla Blue

Monitoring multiple networks when in bridge mode

Follow
Avatar
Andrew

Hi.  I have a Firewalla Gold in Bridge mode.

There is an upstream router which serves a number of different subnets, e.g.:

192.168.1.1/24

192.168.2.1/24

192.168.3.1/24 etc

All those subnets are served through the same port.  The router simultaneously has a number of virtual IPs (i.e. 192.168.1.1, 192.168.2.1 and 192.168.3.1 etc)

None of the networks are VLAN tagged.

All the traffic for all of those networks goes into the Firewalla in bridge mode, and then out the Firewalla into a network switch.

In the Firewalla, I have a bridge network set up for the principal network (192.168.1.1/24), which works fine to monitor that network.  But I can't immediately see a way to monitor the other networks. Is there any way to do that please?  All the packets for all the networks are flowing through the Firewalla though, so hopefully it's possible.

Note I don't want to bridge the networks together in the Firewalla.  The upstream router takes care of that and has rules in place only to allow certain traiffic to cross between the networks.  I don't want to undermine that on the Firewalla by somehow inadvertently joining them together before they get to the upstream router.

Many thanks

0

Comments

4 comments

Sort by Date Votes
  • Avatar
    Firewalla

    Do you mean you have .1, .2, .3 all running on the same LAN? do you know what firewalla gold is getting? I assume one of them is DHCP, rest are static? Firewalla only monitored the network that it is getting an IP from, or you can define them through VLAN's

    0
    Comment actions Permalink
  • Avatar
    Andrew
    • Edited

    Yes, they're all on the same physical LAN.

    .1 has DHCP running (but the DHCP server is in the upstream router). Other subnets are static.

    Firewalla at present only gets an IP for the .1 network. The question is whether I can get it to monitor the other networks (which are not VLAN tagged). All traffic flows through the Firewalla as it's on the same physical wire.

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    We never tested something like this. Firewalla at the moment can only monitor networks it knows ... So if you have one main network and two sort of semi active networks (with out dhcp), firewalla can't properly configure that on the bridge port.

    Possible to put your .2 and .3 networks on a VLAN?

    0
    Comment actions Permalink
  • Avatar
    Andrew

    The. 2 /.3 have some old devices on them (hence why they're segregated) that don't support VLAN tagging.

    On eg pfSense the functionality here is called virtual IP. It's basically giving the interface another simultaneous IP address.

    I imagine on Firewalla you'd add a feature on the networks screen to add a network that effectively does this. At the moment there's an add a bridge network option but you have to specify a VLAN tag.

    Many thanks for your help.

    0
    Comment actions Permalink

Please sign in to leave a comment.

Didn't find what you were looking for?

New post