- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Re: Multiple Firewalls Configuration
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am trying to setup a multiple router configuration using an FVS2318N (firmware version: v4.3.5-3) and FVS318v3 (firmware version: v3.0_28) Firewalls to create two distinct networks both able to access the Internet via the DM111P Modem (firmware version: v2.00.31).
Currently the FVS2318N is connected to the DM111P via its WAN port and the network and WiFi access appear to be working fine. All web searches for any information to hooking up multiple routers together to achieve the above have resulted in no success in getting the FVS318v3 to connect to the Internet.
I initially tried connecting the FVS318v3 via its Internet port to one of the LAN ports on the FVS318N, but although the ip settings appear to be correct no Internet access has been possible. The settings are:
FVS318N:
WAN:
Internet IP Address: Get Dynamically from ISP
DNS Servers: Get Automatically from ISP
LAN:
Internet IP Address: xxx.xxx.1.1
Subnet Mask: 255.255.255.0
DHCP Server : Enabled
Start IP: xxx.xxx.1.201
End IP: xxx.xxx.1.220
Lease Time: 24 hours
Enable DNS Proxy: Checked
FVS318v3:
WAN:
Does Your Internet Connection Require A Login? No
Internet IP Address: Get Dynamically from ISP
DNS Servers: Get Automatically from ISP
LAN:
Internet IP Address: xxx.xxx.2.1
Subnet Mask: 255.255.255.0
DHCP Server : Enabled
Start IP: xxx.xxx.2.181
End IP: xxx.xxx.2.200
Primary DNS Server: xxx.xxx.2.1
Lease Time: 24 Hours
Under Schedule: The NTP server specified 206.16.42.194 is returning the correct date and time.
I've also tried connecting the FVS318v3 via one of its LAN ports to one of the LAN ports on the FVS318N. That did not work and caused all Internet access to be lost on both LANs.
I've also tried setting up VLANs on the FVS318N and connecting the FVS318v3 via its Internet port to one of the LAN ports on the FVS318N:
FVS318N:
WAN:
Internet IP Address: Get Dynamically from ISP
DNS Servers: Get Automatically from ISP
LAN:
Internet IP Address: xxx.xxx.1.1
Subnet Mask: 255.255.255.0
DHCP Server : Enabled
Start IP: xxx.xxx.1.201
End IP: xxx.xxx.1.220
Lease Time: 24 hours
Enable DNS Proxy: Checked
VLAN1:
Internet IP Address: xxx.xxx.1.1
Subnet Mask: 255.255.255.0
DHCP Server : Enabled
Start IP: xxx.xxx.1.201
End IP: xxx.xxx.1.220
Lease Time: 24 hours
Enable DNS Proxy: Checked
VLAN2:
Internet IP Address: xxx.xxx.2.1
Subnet Mask: 255.255.255.0
DHCP Server : Disabled
Enable DNS Proxy: Checked
FVS318v3:
WAN:
Does Your Internet Connection Require A Login? No
Internet IP Address: Get Dynamically from ISP
DNS Servers: Get Automatically from ISP
LAN:
Internet IP Address: xxx.xxx.2.2
Subnet Mask: 255.255.255.0
DHCP Server : Enabled
Start IP: xxx.xxx.2.181
End IP: xxx.xxx.2.200
Primary DNS Server: xxx.xxx.2.1
Lease Time: 24 Hours
Under Schedule: The NTP server specified 206.16.42.194 is not returning the correct date and time.
Can anyone advise on where I am going wrong? Any assistance would be appreciated.
Solved! Go to Solution.
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The IP and DNS server addresses were all 0.0.0.0.
Switching port 5 on the FVS318N back to the default VLAN assignment allowed my laptop to connect via ethernet to the Internet when connected to that port.
I realised that with DHCP disabled for the secondary VLAN the FVS318v3 was not getting a WAN IP address any DNS information.
So, you are actually doing a port-based VLAN and the DHCP is disabled that is why the FVS318v3 is not receiving any IP from port 5. If port-based VLAN is being used, only the said VLAN address will passthrough. Default is same as Trunking in "Default VLAN" configuration.
What I also realised is all/any IP addresses assigned to VLANs on the FVS318N must be unique IP ranges and the IP ranges for any router attached to one/any of the FVS318N configured VLAN ports must also be a configured with separate unique IP range.
Well, it depends if you wanted to separate each port of the FVS318N.
Then for any router connecting to any of the VLAN ports (taking Port 5 as an example) the WAN and LAN should be configured as follows:
WAN configuration:
Does Your Internet Connection Require A Login? No | Internet IP Address : Get Dynamically From ISP (obtains the WAN IP Address : 192.168.5.2 & Gateway IP Address : 192.168.5.1) | Domain Name Server (DNS) Address : Get Automatically From ISP
LAN configuration:
LAN TCP/IP Setup : 192.168.15.1 | Subnet Mask : 255.255.255.0 | LAN IP Address Management : Use Router as DHCP Server (or 192.168.15.1) | DHCP Server Info - Starting IP Address : 192.168.15.201 Ending IP Address : 192.168.15.220 | Use These DNS Servers - Primary DNS Server : 192.168.15.1
Currently the FVS318v3 has following settings also configured under LAN IP Setup:
RIP Direction : None
RIP Version : Disabled
MTU Size - Custom : 1492
Are those settings correct? Do they need to be changed at all?
Have I understood correctly? If so, do the same principles apply to configure a 24-port VLAN enabled smart switch to, for example, create three sub-VLANs connected to Port 3 of the FVS318N?
Yes, everything seems to be correct. If you will be connecting a VLAN switch, then the uplink port of the switch should be set to T and should be connected to a trunk port of the router.
e.g.
FVS318v3 has 3 VLANS.
VLAN 1 - 192.168.10.x
VLAN 2 - 192.168.20.x
VLAN 3 - 192.168.30.x
All VLANs are DHCP Enabled
Port 1 - Default - All VLANs can passthrough as it is set to Trunk
Port 2 - VLAN 2 - Only VLAN 2 will passthrough as it is set to port-based
Port 3 - VLAN 3 - Only VLAN 3 will passthrough as it is set to port-based
On this case, you can connect the switch to Port 1 of the router and set the uplink port of the switch as T or Tagged / Trunk. Just make sure that you also created the 3 VLANs in the switch. If there's any confusion just let me know.
If ever your concern has been addressed or resolved, I encourage you to mark the appropriate reply as the “Accepted Solution” so others can be confident in benefiting from the solution. The NETGEAR Community looks forward to hearing from you and being a helpful resource in the future!
Regards,
All Replies
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Multiple Firewalls Configuration
Hi ridgedale,
As per checking, the DNS proxy is not enabled on the LAN of your FVS318v3. Always put a check mark on "Enable DNS Proxy" if you wanted that LAN to have internet access.
Regards,
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Multiple Firewalls Configuration
Hi JohnCarloV,
Thank you for your reply.
I've checked the Enable DNS Proxy setting for the VLAN and rebooted the computer, but there was no change. I still cannot access the Internet from any device connected to the secondary FVS318v3 firewall. I've also tried switching the network cable connected to the primary FVS318N firewall from the Internet port to one of the LAN ports. That did not work either.
Is there anything else that needs to be changed?
Kind Regards
ridgedale
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Multiple Firewalls Configuration
Just to verify, Did you hit apply right after putting a check mark on the enable DNS proxy? Kindly bypass the FVS318v3 and connect it directly to the modem. May you be able to attach a screenshot of your current network setup?
Regards,
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Multiple Firewalls Configuration
As per checking your network diagram, it should not cause any issue. Kindly try the following:
- What is the IP address of the FVS318v3 on WAN? Monitoring > Router Status > WAN IP
- Go to LAN Setup > Default VLAN > Port 5 - Default
- Remove the FVS318v3 from port 5 of the FVS318N and replace it with a PC. Check if will receive an IP and browse internet.
Regards,
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Multiple Firewalls Configuration
Hi JohnCarloV,
Thank you for the pointers. I followed what you requested.
The IP and DNS server addresses were all 0.0.0.0.
Switching port 5 on the FVS318N back to the default VLAN assignment allowed my laptop to connect via ethernet to the Internet when connected to that port.
I realised that with DHCP disabled for the secondary VLAN the FVS318v3 was not getting a WAN IP address any DNS information.
What I also realised is all/any IP addresses assigned to VLANs on the FVS318N must be unique IP ranges and the IP ranges for any router attached to one/any of the FVS318N configured VLAN ports must also be a configured with separate unique IP range.
Hopefully I've understood correctly now how the firewalls and VLANs need to be configured as I can now access the Internet from any port as expected. As an example for each of the ports on the FVS318N to be configured as separate VLANs the following VLAN configurations are required:
Port 1 : 192.168.1.1 | Subnet Mask : 255.255.255.0 | DCHP Enabled - Range : 192.168.1.2-10 | Primary & Secondary DNS Server : both blank | Enable DNS Proxy | Port 1 assigned to default
Port 2 : 192.168.2.1 | Subnet Mask : 255.255.255.0 | DCHP Enabled - Range : 192.168.2.2-10 | Primary DNS Server : 192.168.2.1 | Enable DNS Proxy | Port 2 assigned to VLAN2
Port 3 : 192.168.3.1 | Subnet Mask : 255.255.255.0 | DCHP Enabled - Range : 192.168.3.2-10 | Primary DNS Server : 192.168.3.1 | Enable DNS Proxy | Port 3 assigned to VLAN3
Port 4 : 192.168.4.1 | Subnet Mask : 255.255.255.0 | DCHP Enabled - Range : 192.168.4.2-10 | Primary DNS Server : 192.168.4.1 | Enable DNS Proxy | Port 4 assigned to VLAN4
Port 5 : 192.168.5.1 | Subnet Mask : 255.255.255.0 | DCHP Enabled - Range : 192.168.5.2-10 | Primary DNS Server : 192.168.5.1 | Enable DNS Proxy | Port 5 assigned to VLAN5
Port 6 : 192.168.6.1 | Subnet Mask : 255.255.255.0 | DCHP Enabled - Range : 192.168.6.2-10 | Primary DNS Server : 192.168.6.1 | Enable DNS Proxy | Port 6 assigned to VLAN6
Port 7 : 192.168.7.1 | Subnet Mask : 255.255.255.0 | DCHP Enabled - Range : 192.168.7.2-10 | Primary DNS Server : 192.168.7.1 | Enable DNS Proxy | Port 7 assigned to VLAN7
Port 8 : 192.168.8.1 | Subnet Mask : 255.255.255.0 | DCHP Enabled - Range : 192.168.8.2-10 | Primary DNS Server : 192.168.8.1 | Enable DNS Proxy | Port 8 assigned to VLAN8
Then for any router connecting to any of the VLAN ports (taking Port 5 as an example) the WAN and LAN should be configured as follows:
WAN configuration:
Does Your Internet Connection Require A Login? No | Internet IP Address : Get Dynamically From ISP (obtains the WAN IP Address : 192.168.5.2 & Gateway IP Address : 192.168.5.1) | Domain Name Server (DNS) Address : Get Automatically From ISP
LAN configuration:
LAN TCP/IP Setup : 192.168.15.1 | Subnet Mask : 255.255.255.0 | LAN IP Address Management : Use Router as DHCP Server (or 192.168.15.1) | DHCP Server Info - Starting IP Address : 192.168.15.201 Ending IP Address : 192.168.15.220 | Use These DNS Servers - Primary DNS Server : 192.168.15.1
Currently the FVS318v3 has following settings also configured under LAN IP Setup:
RIP Direction : None
RIP Version : Disabled
MTU Size - Custom : 1492
Are those settings correct? Do they need to be changed at all?
Have I understood correctly? If so, do the same principles apply to configure a 24-port VLAN enabled smart switch to, for example, create three sub-VLANs connected to Port 3 of the FVS318N?
Thanks again for all you help and patience.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The IP and DNS server addresses were all 0.0.0.0.
Switching port 5 on the FVS318N back to the default VLAN assignment allowed my laptop to connect via ethernet to the Internet when connected to that port.
I realised that with DHCP disabled for the secondary VLAN the FVS318v3 was not getting a WAN IP address any DNS information.
So, you are actually doing a port-based VLAN and the DHCP is disabled that is why the FVS318v3 is not receiving any IP from port 5. If port-based VLAN is being used, only the said VLAN address will passthrough. Default is same as Trunking in "Default VLAN" configuration.
What I also realised is all/any IP addresses assigned to VLANs on the FVS318N must be unique IP ranges and the IP ranges for any router attached to one/any of the FVS318N configured VLAN ports must also be a configured with separate unique IP range.
Well, it depends if you wanted to separate each port of the FVS318N.
Then for any router connecting to any of the VLAN ports (taking Port 5 as an example) the WAN and LAN should be configured as follows:
WAN configuration:
Does Your Internet Connection Require A Login? No | Internet IP Address : Get Dynamically From ISP (obtains the WAN IP Address : 192.168.5.2 & Gateway IP Address : 192.168.5.1) | Domain Name Server (DNS) Address : Get Automatically From ISP
LAN configuration:
LAN TCP/IP Setup : 192.168.15.1 | Subnet Mask : 255.255.255.0 | LAN IP Address Management : Use Router as DHCP Server (or 192.168.15.1) | DHCP Server Info - Starting IP Address : 192.168.15.201 Ending IP Address : 192.168.15.220 | Use These DNS Servers - Primary DNS Server : 192.168.15.1
Currently the FVS318v3 has following settings also configured under LAN IP Setup:
RIP Direction : None
RIP Version : Disabled
MTU Size - Custom : 1492
Are those settings correct? Do they need to be changed at all?
Have I understood correctly? If so, do the same principles apply to configure a 24-port VLAN enabled smart switch to, for example, create three sub-VLANs connected to Port 3 of the FVS318N?
Yes, everything seems to be correct. If you will be connecting a VLAN switch, then the uplink port of the switch should be set to T and should be connected to a trunk port of the router.
e.g.
FVS318v3 has 3 VLANS.
VLAN 1 - 192.168.10.x
VLAN 2 - 192.168.20.x
VLAN 3 - 192.168.30.x
All VLANs are DHCP Enabled
Port 1 - Default - All VLANs can passthrough as it is set to Trunk
Port 2 - VLAN 2 - Only VLAN 2 will passthrough as it is set to port-based
Port 3 - VLAN 3 - Only VLAN 3 will passthrough as it is set to port-based
On this case, you can connect the switch to Port 1 of the router and set the uplink port of the switch as T or Tagged / Trunk. Just make sure that you also created the 3 VLANs in the switch. If there's any confusion just let me know.
If ever your concern has been addressed or resolved, I encourage you to mark the appropriate reply as the “Accepted Solution” so others can be confident in benefiting from the solution. The NETGEAR Community looks forward to hearing from you and being a helpful resource in the future!
Regards,
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Multiple Firewalls Configuration
Hi JohnCarloV,
Thanks you for all your assistance. Much appreciated.