Computer networks
dmsn, 2015-04-29 23:46:30

How to route Internet traffic through a remote branch using WatchGuard XTM2 and BOVPN?

Diagram (attached): 5 peripheral subnets (branch offices) connected to the central one by BOVPN tunnels.
WatchGuard XTM2 firewalls are used everywhere.
The problem is that the Internet connection is not at the central site but at one of the peripheral ones.
The main task is to provide Internet access from all sites through that existing peripheral connection.
I easily implemented this on Mikrotik equipment by marking traffic (mangle routing mark) at the site without Internet and creating a route through the tunnel based on that mark. At the site with Internet access, addresses from the remote private network were NATed toward the Internet.
For WatchGuard XTM, I am looking at Route for All Internet-Bound Traffic goo.gl/JGKk3D . But I'm afraid this may break connections to information resources located at the central site.
I'm also starting to consider an HTTP proxy server at the site with Internet access and distributing the proxy settings via group policy.
Please share your ways of solving this problem, if any exist.
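The Mikrotik approach described in the question, written out as an added example; this is not configuration from the original post, from the answer, or from WatchGuard documentation. It assumes RouterOS v6 syntax, a branch LAN of 192.168.10.0/24, all office networks inside 192.168.0.0/16, a routed tunnel (GRE or IPIP rather than a policy-based IPsec tunnel, since a route needs a next hop) with 10.255.0.2 on the branch end and 10.255.0.1 on the Internet-connected end, and ether1 as the WAN interface at the Internet-connected site. All of these addresses and interface names are assumptions. The negated destination match is what keeps traffic to the central site on the normal routing table, which is exactly the breakage the question is worried about.

```routeros
# --- Branch router WITHOUT its own Internet uplink (assumed LAN 192.168.10.0/24) ---

# Mark only traffic leaving the company address space (assumed 192.168.0.0/16).
# Inter-office traffic, including to the central site, is NOT marked and keeps
# using the main routing table, so existing BOVPN connections are untouched.
/ip firewall mangle
add chain=prerouting src-address=192.168.10.0/24 dst-address=!192.168.0.0/16 \
    action=mark-routing new-routing-mark=to-internet passthrough=no \
    comment="Internet-bound traffic goes via the tunnel"

# Default route used only by packets carrying the routing mark.
# 10.255.0.1 is the assumed far-end address of the routed tunnel to the
# site that has the Internet connection.
/ip route
add dst-address=0.0.0.0/0 gateway=10.255.0.1 routing-mark=to-internet \
    comment="default via tunnel for marked traffic only"

# --- Router at the site that HAS the Internet uplink (assumed WAN interface ether1) ---

# Return path to the branch LAN over the tunnel (10.255.0.2 is the assumed
# branch end of the tunnel); without it replies from the Internet are dropped.
/ip route
add dst-address=192.168.10.0/24 gateway=10.255.0.2 \
    comment="return path to the branch via the tunnel"

# Source-NAT the remote branch behind this site's public address.
/ip firewall nat
add chain=srcnat src-address=192.168.10.0/24 out-interface=ether1 \
    action=masquerade comment="NAT remote branch toward the Internet"
```

The forward chain at the Internet-connected site must also permit 192.168.10.0/24 out of ether1 if its filter rules only allow the local LAN. On RouterOS v7 the routing table has to be created first (/routing table add name=to-internet fib) before the mangle rule and the route can reference it. To verify, check that the mangle rule's packet counter increases for an Internet destination and stays at zero for a ping to a central-site host; if connections to the central site drop after enabling this, the negated dst-address range does not cover all internal networks.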


1 answer
Valentin, 2015-04-30
@vvpoloskin

I am not a supporter of using proprietary, vendor-dependent technologies, especially in fairly simple networks. I can't say anything about XTM, but on typical equipment such as Cisco and Mikrotik you can come up with a lot of options:
1) PBR on the device that has the Internet connection
2) bring the Internet to the central site over another, separate tunnel, whether on VRFs or on L2TP
3) simply on the device connected to the Internet, put the Internet in one VRF and the VPN in another, and hand it all to the central site.
If there are enough public addresses on the Internet connection, I would still do NAT at the central site. Somehow more logical...
