TeXJ
Aspirant

Being able to have IPs forwarded from WAP to NGFW

Network setup:

Wireless network > Netgear > NGFW > ISP modem

 

I have a firewall that is between my ISP modem and the Netgear Nighthawk(R7900).

Currently looking at traffic logs on my firewall, all the traffic is sourced from my "internet port" on the WAP.   I would like to be able to see which of the many devices connected to the WAP are sending what traffic to my firewall.  

 

Scenario:

A person with a phone connects wirelessly to the netgear via wifi.  Their IP on the wireless network is 192.168.1.12.  

This traffic is sent out the "internet port" on the WAP to the firewall.  The internet port's IP is 172.168.12.2 and the next hop (firewall) is 172.168.12.1.

In my traffic logs I see all traffic is sourced from 172.168.12.2.

 

When I go to the netgear I can see that it is seeing the MAC addresses and the name of each device.  Is there a way that the netgear can forward this information (I really just want the IP to be forwarded) to the firewall?

 

Background:  When I first started to hook all of this up, I wasn't getting any traffic coming back from the netgear.  I then had to do a factory reset and then the netgear booted and noticed I had a firewall and then did its thing and after that I was able to get traffic to pass from the wifi network to the outside world.  

Not sure if there is a bridge mode and if that mode would do what I would want?  If in bridge mode would the other functionality work (wifi, different frequencies...etc)?

 

Thank you!

 

 

Model: R7900|Nighthawk X6 AC3000 Tri-Band WiFi Router
Message 1 of 5
antinode
Guru

Re: Being able to have IPs forwarded from WAP to NGFW

> Model: R7900|Nighthawk X6 AC3000 Tri-Band WiFi Router

 

   Firmware version?  Connected to what?

 

> Wireless network > Netgear > NGFW > ISP modem

 

   That's very unclear.  What, exactly, does "Wireless network" mean to
you?  Is it a box, or a collection of devices (connected to something?),
or what?  "Netgear"?  Is that the R7900?  "NGFW"?  Is that your
(unspecified) "a firewall"?  Has it a maker and model number?  What,
exactly, is your (unspecified) "ISP modem"?  Has it a maker and model
number?  Is it a modem or a modem+router, or what?

 

> [...] the WAP. [...]

 

   What, exactly, is this "the WAP"?  Is it also the R7900, or something
else?  Is the R7900 configured as a router or as a wireless access point
(WAP)?

 

> [...] I wasn't getting any traffic coming back from the netgear. [...]


> [...] noticed I had a firewall and then did its thing [...]

 

   I have no idea what any of that means.  As usual, showing actual
actions (commands) with their actual results (error messages, LED
indicators, ...) can be more helpful than vague descriptions or
interpretations.

 

> Not sure if there is a bridge mode [...]

 

   Where?

 

   Based on practically no useful information, I'd guess that if your
(unspecified) "a firewall" is actually some kind of router, then you
might want to configure your R7900 as a WAP.

 

   Visit http://netgear.com/support , put in your model number, and look
for Documentation.  Get the User Manual.  Read.  Look for "Use the
Router as a Wireless Access Point".

Message 2 of 5
TeXJ
Aspirant

Re: Being able to have IPs forwarded from WAP to NGFW

ISP Modem > Palo Alto > R7900|Nighthawk X6 AC3000

 

The above is all the devices in the topology.  Nothing more.  When speaking of the WAP, wireless access point, that would be the Nighthawk as none of the others are able to provide wireless access. 

 

 

Firmware of Nighthawk: V1.0.3.18_10.0.42

 

The model of the NGFW or even the ISP modem doesn't play any role here.  The issue is with the Netgear device and it being able to forward the IP of the devices.  If not the IPs then maybe another identifying aspect specific to the different devices that are connected to the Netgear WAP. 

 

You asked if the netgear was configured as a WAP or a router.  

The netgear is sending traffic from one private IP range to another private IP range.  So all traffic from the home network goes to the Netgear on a 192.168 network and then is sent out its "internet" port to the 172.16 network.   This traffic then goes to the Palo Alto.  

 

With regards to actual logs and such, which logs would you like to see?  All I see are DHCP logs. 

 

> [...] noticed I had a firewall and then did its thing [...]

I'm not sure, what it did.  As the netgear device didn't make it clear.   I do not have logs of this.  

 

 

> Not sure if there is a bridge mode [...]

The netgear. If the netgear has a bridge mode.  I wouldn't need that on the Palo Alto or the ISP modem.

 

Thank you for the information about having the netgear as a wireless access point.  I'm new to netgear and their nomenclature they use.  

 

 

 

 

 

Message 3 of 5
antinode
Guru

Re: Being able to have IPs forwarded from WAP to NGFW

> ISP Modem > Palo Alto > R7900|Nighthawk X6 AC3000

 

   What, exactly, is your "ISP Modem"?  Other than a city, what,
exactly, does "Palo Alto" mean to you?

 

> The model of the NGFW or even the ISP modem doesn't play any role
> here. [...]

 

   Again, what, exactly, is your "NGFW"?  I admire the confidence with
which you've decided what's relevant here, but hiding potentially
helpful information is unhelpful.  Some of the people in your audience
know nothing about your "NGFW" or your "Palo Alto", and, with no actual
information about them, are effectively prevented from puzzling out what
you're talking about.  Calling one device by multiple names is also
unhelpful.

 

> [...] The issue is with the Netgear device and it being able to
> forward the IP of the devices. [...]


   Thanks for your opinion, but "forward the IP of the devices" is a
concept without a known meaning.

 

> [...] I'm new to netgear and their nomenclature they use.

 

   It's the nomenclature which everyone uses.  Unlike the technical
terms which you invent yourself.

Message 4 of 5
TeXJ
Aspirant

Re: Being able to have IPs forwarded from WAP to NGFW

I'm not sure if you're trying to help me or just belittle me.  And I am well aware of networking terminology.  I didn't "invent" anything while I was typing.  

 

Furthermore, if you're this all knowing person you would know what Palo Alto is.  A simple Google search would show it.  I assume you know what Google is.  

Just because I'm ignorant of Netgear doesn't mean I'm ignorant of networking and your tone with me is uncalled for.  If you don't want to help, then don't; no need to belittle me.

 

What I had said was pretty simple.  You are making it way more difficult than it needs to be.  

 

For instance, you need to know the model of the ISP modem...why?  What does that have to do with this scenario?  The issue is with the netgear device and it sending the IP/user id of the devices connected to it to the firewall.  The modem doesn't even come into play here. 

 

My confidence comes from years of experience in networking.  Granted that is with commercial devices and thus I'm here trying to figure out a networking device that I'm ignorant to how it works and what it can and can't do. 

 

If you do not want to provide that, then fine.  However, don't come here acting like you have a chip on your shoulder and I'm below you. 


I can guarantee you, you don't act like that to people when you're face to face with them. 

 

Oh and I'm not sure if you're just slow or you don't care, but netgear and nighthawk are the same thing.  This post has my model number already.  I've already mentioned the devices that are in play in this topology. 

 

 

Message 5 of 5