Firewall-Router Gateway questions

I have a standard setup with a T1 coming into a router which is connected to a firewall and then to a private network. The router has a default gateway and the firewall has a default gateway. The router's gateway points to the Internet but I'm not sure about the firewall's gateway - should it point to the internal router connection, the external router connection or the Internet?

Additionally, when I set up DHCP, should I set it to the firewall's gateway or the router's?

Steve Gross

It is not completely clear from your first sentence if the network is connected to the firewall, router, or both.

Assuming that the private network is connected solely to the internal side of the firewall, and the external side of the firewall is connected solely to the internal side of the router ...

The firewall's gateway address should be the internal IP address of the router.

The gateway address of the devices on the private network should be the internal IP address of the firewall.

Ken

Since you have a T1, they come with a very good support group, please ask them. In most cases your T1 provider already provided you with your IP range, mask and default gateway address - this is the information you enter into the Firewall.

If you have an internal network that has a Server/Domain, you don't want to have the firewall do DHCP, as the server should be doing it and also acting as the DNS with forwarding through the firewall to the ISP.

Is your network Windows based?

Do you have a domain (meaning are your computers set up in client/server mode or is everything just a workgroup)?

Leythos

The default gateway is always the gateway in the same subnet that every packet is sent to that can't be reached within the particular subnet.

Example: ISP uses aaa.bbb.ccc.0/30 as the transfer network and provides aaa.bbb.ccc.8/29 for your DMZ. There are two servers in your DMZ and your firewall:

I'll try some ASCII art ...

router_at_the_isp
        | IP aaa.bbb.ccc.001/30
        |
        | ext. IP aaa.bbb.ccc.002/30
router_from_isp
        | dmz IP aaa.bbb.ccc.009/29
        |
        +---- dmz server_1 aaa.bbb.ccc.010/29
        |
        +----- dmz server_2 aaa.bbb.ccc.011/29
        |
        |
        | dmz. IP aaa.bbb.ccc.012/29
firewall
        | int. IP 192.168.0.254/24
        |
        +---- Clients IP 192.168.0.xyz/24

On the Clients set the default Gateway to 192.168.0.254.
On the firewall and on the dmz Servers set the default Gateway to aaa.bbb.ccc.009.

You can use the router but then you need a host route on each client pointing to the router via the firewall. I'd not do that but use the firewall instead. ;-)

Wolfgang

Wolfgang Kueter
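
An added example, not part of the original thread: a check that every device's default gateway is on-link in one of its own subnets, followed by a hop-by-hop trace of the default path for the topology sketched above. The 203.0.113.0/24 documentation range stands in for aaa.bbb.ccc, the client address 192.168.0.10 is constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed topology: 203.0.113.x (documentation range) stands in for aaa.bbb.ccc.x.
DEVICES = {
    "router_from_isp": {"ifaces": ["203.0.113.2/30", "203.0.113.9/29"], "gw": "203.0.113.1"},
    "dmz_server_1": {"ifaces": ["203.0.113.10/29"], "gw": "203.0.113.9"},
    "dmz_server_2": {"ifaces": ["203.0.113.11/29"], "gw": "203.0.113.9"},
    "firewall": {"ifaces": ["203.0.113.12/29", "192.168.0.254/24"], "gw": "203.0.113.9"},
    "client": {"ifaces": ["192.168.0.10/24"], "gw": "192.168.0.254"},  # constructed client IP
}

def gateway_on_link(device):
    """Return the interface whose subnet contains the default gateway, or None."""
    gw = ipaddress.ip_address(device["gw"])
    for cidr in device["ifaces"]:
        iface = ipaddress.ip_interface(cidr)
        # The gateway must sit in a directly connected subnet and not be the device itself.
        if gw in iface.network and gw != iface.ip:
            return iface
    return None

def owner_of(ip, devices):
    """Return the name of the device that owns this interface address, or None."""
    for name, dev in devices.items():
        if any(str(ipaddress.ip_interface(c).ip) == ip for c in dev["ifaces"]):
            return name
    return None

def default_path(start, devices):
    """Follow default gateways hop by hop until the path leaves the known topology."""
    path, name = [start], start
    while name is not None:
        if gateway_on_link(devices[name]) is None:
            raise ValueError(f"{name}: gateway {devices[name]['gw']} is not on-link")
        name = owner_of(devices[name]["gw"], devices)
        if name in path:
            raise ValueError(f"routing loop at {name}")
        path.append(name or "router_at_the_isp (outside topology)")
    return path

if __name__ == "__main__":
    print(" -> ".join(default_path("client", DEVICES)))
```

A firewall whose gateway is set to the router's external address, or a client pointed straight at the router, fails the on-link check, which is the case that would need the extra host route mentioned above.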

Sorry for my pop into the discussion but I was reading it and it looked somewhat strange to me.

Isn't the router supposed to have an embedded hardware firewall as an application running on itself exactly as it has NAT running also?

Why have a software firewall running on a localhost by itself?

Nicky
