webramp firewall question

[kermalou]

i just got the webramp firewall and need to know if this will work in my office,

i have currently----

dsl modem ---- linksys WAP ---- switch ------other computers/switches/hubs
(dhcp)

can i just install this puppy between the WAP and switch or should i just hang it off the switch or before the WAP?

 

[vi edit]

I would imagine that it goes between the DSL modem and the WAP. That would be the proper placement for most security/routing devices.

 

[kermalou]

what about "double NAT" don't know what that means, but people are saying that with two routers it won't work

 

[vi edit]

Where's the other router? The webramp "firewall" really is really just a glorified consumer level router with a little more control over port and allows you to set up rules. It's got the same menus and configurations as a sonic wall firewall. Is this the 700 model? I'm assuming it's got a WAN port, and then four LAN ports on the back?

You should just be able to go from the DSL modem -----> firewall ----> hub/switch -----> access point & wired PC's.

This is assuming that the DSL modem is just a simple modem that doesn't have any sort of routing abilities. If the modem DOES work as a router you can turn off the NAT, assign it a static public IP, then pass it on to the firewall, have the firewall use the modem as a gateway, give the firewall a public static IP, and then let the firewall do all the NAT and DHCP stuff.

Make sense? Do you have the make and model number of the dsl modem?

 

[vi edit]

config info

 

[kermalou]

found this site....

very very helpful, got off of phat wal let

 

[iDazzler]

Thanks for the Link kermalou. I haven't set up my webramp yet but I was planning on going this route:

dsl modem ---- webramp ----- belkin router ------ computers

I also would note that I didn't have a crossover cable which you will need.

Thanks for the help guys.

 

[vortix]

Originally posted by: iDazzler
Thanks for the Link kermalou. I haven't set up my webramp yet but I was planning on going this route:

dsl modem ---- webramp ----- belkin router ------ computers

I also would note that I didn't have a crossover cable which you will need.

Thanks for the help guys.

If it helps any, the webramp has a built-in crossover port, in addition to 3 normal ports.

 

[iDazzler]

Hi Vortix,

Caught you on the I-H board as well. Unfortunately as I metioned over there, no go for me.

I should solve this issue soon.

Thanks for the help,

 

[vortix]

haha i didn't even notice that was you over there iDazzler

Anyway....to get that all wired correctly, connect the DSL modem to the crossover port on the webramp, then one of the 3 remaining ports on the webramp to the WAN port of your router (all using normal ethernet cables). That *should* work. Also, make sure your webramp is in "Standard" mode and not doing any sort of NAT or anything.

 

[iDazzler]

Thanks a lot Vortix for taking the time to clearly explain the network setup. It worked right off the bat! If you have any xml/jsp/java questions, shoot them my way.

I owe you one...

 

[xyyz]

double nat? hmmm... i have a double nat... with my webramp and my 806 and i have had no issues so far. if you're trying to get from outside to the inside then there will be an issue. you'll need some static mapings and what not.

personally, i'd put the webramp before the AP... which will protect everything inside... however, i've been recently told my by network security instructor that the firewall is best when it goes behind the router.

as for vi_edit's remark about the webramp being a "firewall" and nothing more than a glorified consumer level router... is a wrong remark. the device is actually an ICSA certified security appliance... IE firewall

this item is a rebadged Sonicwall SOHO. as a matter of fact the latest firmware upgrades makes changes the internal interface to that of a Soniawall SOHO.

"The SonicWALL SOHO/10 is an ICSA Certified Firewall Appliance that is perfect for small to mid-sized business and educational facilities that have dedicated Internet connections and 10-users or less."
link

"The device has been tested and 'certified' by the ICSA group."
link

you get in on the centrix deal and upgrade the unit through tom's service?

 

[iDazzler]

Hi Gang,

I'm back with one last question. Do I have to have a physical connection (e.g. pc on webramp port ) to webramp to access the system console? I read in the docs but still remain confused. I have been unplugging my jack from my Wireless Router and Plugging it back into the webramp and then changing my ip on the pc that's on the webramp port to 192.168.168.2 ( or any number above 1 e.g. 192.168.168.21...) and putting in the subnet mask and default gateway.

Am I missing something? I'm sure it's got to be simple. Talk about a crash course in networking!



XYZ,

About your instructor's tip if I understand you correctly it would look like this on a wireless router:

DSL/CABLE Modem --- Wireless Router ---WebRamp( Firewall) --PCs

Have you tried it? Any feedback would be appreciated....


Thanks in advance...

 

[xyyz]

Originally posted by: iDazzler
Hi Gang,

I'm back with one last question. Do I have to have a physical connection (e.g. pc on webramp port ) to webramp to access the system console? I read in the docs but still remain confused. I have been unplugging my jack from my Wireless Router and Plugging it back into the webramp and then changing my ip on the pc that's on the webramp port to 192.168.168.2 ( or any number above 1 e.g. 192.168.168.21...) and putting in the subnet mask and default gateway.

Am I missing something? I'm sure it's got to be simple. Talk about a crash course in networking!



XYZ,

About your instructor's tip if I understand you correctly it would look like this on a wireless router:

DSL/CABLE Modem --- Wireless Router ---WebRamp( Firewall) --PCs

Have you tried it? Any feedback would be appreciated....


Thanks in advance...

the way you laid it out is how my instructor recommends it... and i guess i'll eventually change my setup. my setup has a minor flaw, in that the reflexive access list on 806 opens a hole for a brief period of time, and eventhough this scenario is pretty unlikely, if i'm connected to a device on a proxy, someone else behind that proxy can get access. it was a bit beyond me how someone could actually penetrate the network, but i guess i'll learn that later on.

okay... i'm a bit confused. i thought you said the wireless device was an access point. now you're saying it's a router. that really changes things. i guess i should have picked this up when you mentioned a double NAT. you shouldn't need a direct connection between your console and your webramp.

internet<----->webramp<----->wireless router<----->internal network

internally, you're dealing with 2 networks. what i did when i had the webramp and the linksys device was to create a static route from one network to the other.

you know what, i'm looking at my webramp's static routes right now, and i do have a static route to my internal network... but i don't know why i put one in, because any non-intiated access will still be blocked... but you might want to try a static route. have the external interface on the wireless router act as the gateway to get into your internal network.

give it a try and see what happens.

 

[iDazzler]

Hi xyz,

Looks to me like Vortix's solution works best for me.

DSL -->Webramp ( in hub x jack) --> Router --> LAN(PCs)


Everything works fine other than administering the console from the LAN. Since I won't be making many modifications to Firewall, it's not a big deal.

Thanks for your help