2 Gateways Sharing One Subnet - How to route traffic in and see each other?

Hello,
First, thanks for your feedback in advance.
I am rolling over from CheckPoint Security Gateways to Fortinet Gateways so I have set up one of each within my datacenter subnet as I wanted to keep the same subnet 192.168.10.0/24 and just roll over from CheckPoint to Fortinet. 
My current production datacenter gateway (CheckPoint) resides on 192.168.10.1/24 with its own External IP. 100+ IPsec VPN tunnels communicate through this gateway and happily talk to several servers on the datacenter side (ex. 192.168.10.20, 192.168.10.22, etc.)
Since I am preparing to roll over from CheckPoint to Fortinet, I've placed the new gateway in the same datacenter at 192.168.10.2/24, with its own external IP. I've also dropped in a test server at 192.168.10.121 with the gateway pointing to the new Checkpoint.
It happily gets out to the internet via the new gateway, 192.168.10.2.
I can get out to the world via each gateway when I am behind my datacenter and I configure the gateways on each server.  And, they can all see each other and communicate within the 192.168.10.X network.
However, I cannot go from a CheckPoint tunnel network (ex: 192.168.50.X), go through the CheckPoint datacenter gateway, 192.168.10.1 (via its tunnel), and hit my Fortinet test server at 192.168.10.121 (Fortinet test server gateway set to 192.168.10.2).
I have the IP statically set in the CheckPoint's DNS server at 192.168.10.20 to 192.168.10.121, but from the 192.168.50.X or any CheckPoint subnet, I can't ping or connect to it.
Vice-versa, I can go from a Fortinet subnet (192.168.195.X) and hit my test server 192.168.10.121.  However, I cannot go from a Fortinet tunnel network 192.168.195.X, go through my new Fortinet datacenter gateway, 192.168.10.2 (via its tunnel), and hit any of my CheckPoint-side servers, 192.168.10.20, 192.168.10.22, etc.
Specifically, all of my scanners at the 100+ sites scan and send via an smtp server within my datacenter (192.168.10.56).  When I deploy the new gateway, the scanner at the office cannot access this IP address to send the email.
Is there a way to sync two AD/DNS servers within my datacenter but with different gateways?   In theory, I'd like the request to come in from the outside (whether a CheckPoint network or the new Fortinet) and it will look into its respective AD/DNS and point it to the 192.168.10.56 SMTP server.
It does not have to be AD/DNS, but that was the first idea that popped into my head.  I am definitely open to the most efficient and stable method as I have to roll over 100 sites.
Thank you again!

Hi Strike First,
One issue is that we have over 100 remote sites that we are converting from CheckPoint to Fortinet.  And, we do not have the manpower to do a single night cutover as these are offices in remote locations.
I am a little confused on the layout you are proposing:
Set up fortinet as the backend firewall, point all internal gateways to this backend firewall, then have this firewall NAT through the current CheckPoint firewall?
Thank you very much for your guidance.
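
A likely cause of the symptom in the first post is an asymmetric return path: the request arrives through the gateway that owns the tunnel, but the server answers via its own default gateway, which has no tunnel to that remote subnet. The sketch below is an added example, not from the thread; it models each server's route lookup with the post's addresses and shows two common remedies, a per-host static route and source NAT on the ingress gateway. The /24 tunnel masks and the client IPs 192.168.50.10 and 192.168.195.10 are assumptions.

```python
import ipaddress

# Addresses are from the post; /24 tunnel masks and client IPs are assumed.
LAN = ipaddress.ip_network("192.168.10.0/24")
TUNNELS = {"192.168.10.1": ["192.168.50.0/24"],    # CheckPoint gateway
           "192.168.10.2": ["192.168.195.0/24"]}   # Fortinet gateway
DEFAULT_GW = {"192.168.10.56": "192.168.10.1",     # SMTP server
              "192.168.10.121": "192.168.10.2"}    # Fortinet test server

def ingress_gateway(client):
    """Gateway whose tunnel delivers traffic from this remote client."""
    ip = ipaddress.ip_address(client)
    for gw, nets in TUNNELS.items():
        if any(ip in ipaddress.ip_network(n) for n in nets):
            return gw
    raise ValueError(f"no tunnel covers {client}")

def reply_next_hop(server, dst, host_routes=()):
    """Longest-prefix match over the server's routes for its reply to dst."""
    table = [(LAN, "on-link"),
             (ipaddress.ip_network("0.0.0.0/0"), DEFAULT_GW[server])]
    table += [(ipaddress.ip_network(p), gw) for p, gw in host_routes]
    ip = ipaddress.ip_address(dst)
    return max((r for r in table if ip in r[0]),
               key=lambda r: r[0].prefixlen)[1]

def check_flow(client, server, host_routes=(), snat=False):
    """Return (verdict, ingress gateway, reply next hop) for client -> server."""
    gw_in = ingress_gateway(client)
    # With source NAT on the ingress gateway the server sees the gateway's LAN IP.
    seen_src = gw_in if snat else client
    hop = reply_next_hop(server, seen_src, host_routes)
    verdict = "symmetric" if hop in (gw_in, "on-link") else "asymmetric"
    return verdict, gw_in, hop

if __name__ == "__main__":
    cp_client, fw_client = "192.168.50.10", "192.168.195.10"  # constructed hosts
    print(check_flow(cp_client, "192.168.10.121"))   # the failing case in the post
    print(check_flow(fw_client, "192.168.10.56"))    # the scanner -> SMTP case
    print(check_flow(cp_client, "192.168.10.121",
                     host_routes=[("192.168.50.0/24", "192.168.10.1")]))
    print(check_flow(cp_client, "192.168.10.121", snat=True))
```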

Similar Messages

  • VRF-Lite on one 6509; How to route traffic from global to VRF.

    To anyone that can lead me in the right direction:
    I have a 6509 switch with IOS "s3223-adventerprise_wan-mz.122-33.SXJ2.bin" on it. I am running VRF-lite on it and would like to route some subnets from the global route table to the VRF route table. How can I do this and stay on the same physical switch?  I am using EIGRP for the global network and route table and static routing within the VRF.  Any suggestions or recommendations?  Thanks in advance for your help in this matter...

    Hello,
    You need to use (Static route) in both directions, One Static in the VRF table points to the Global interface, and another one in the Global point to the VRF interface for the received traffic. After that, you Can Redistribute the Global Static route into Eigrp for end-to-end connectivity!
    Example:
    Consider you have 2 interfaces in your Core SW-6509: One is G0/1 and the other is G0/2
    G0/1 is placed into the Global table , and G0/2 is part of VRF (X)
    interface G0/1
    ip address 1.1.1.1 255.255.255.0
    interface G0/2
    ip vrf forwarding X
    ip address 2.2.2.2 255.255.255.0
    Consider Subnet Y.Y.Y.Y in the Global and you want to have it accessible from the VRF!
    configure this:  (ip route vrf X y.y.y.y y.y.y.y G0/1 global)
    Configure also this for the return traffic from the Global table: (ip route 2.2.2.2 z.z.z.z G0/2)
    You Can then redistribute the Global static into the Eigrp as below:
    router eigrp 1
    no auto-summary
    redistribute static metric 1 1 1 1 1
    HTH
    Mohamed

  • WRT54G how I can setup 3 computers to see each other

    Hi I have 2 pc wired to wrt54g and one laptop set as wireless.
    I have no problem to get to internet.
    But how I can setup them to see each other.
    Do I need a hub or it can be done  just with router.
    Please let me know how this can be done.
    I am not an expert so please be with me.
    Thanks Jozef
    Windows XP
    Message Edited by Choco on 03-25-2007 08:54 AM

    You should lower down the security settings on the Zone Alarm.
    Make sure the File and Printer Sharing which is one of the features created by Microsoft should be configured properly on 3 computers.
    For more information on how to share files and printers on all of the 3 computers, please visit this website:
    www.linksys.com/kb
    In the search field type in "file and printer sharing" and this will bring up answers.
    I am not a teener anymore, I am a woman now - DreamGirls

  • My wife and I have shared one iTunes account for 6  years.  We want to create our own Apple IDs, so when we sync to our new iMac we won't see each others contacts, photos, calendar, music, etc.  Is there a way to move music/apps from one ID to a new ID?

    JoeyV325 wrote:
    Is there a way to move music/apps from one ID to a new ID?
    No.
    One of you create a new AppleID and one use the existing AppleID.
    But you can still use the items in each iTunes library.
    Create separate computer logins for each of you.
    This will give you each your own data. Contacts, calendars, photos, etc. (and your own iTunes library).

  • I share an Apple ID with someone but we are now on iOS8 and getting each others messages on our iphones and ipad. How can I split the account safely as well as protect icloud backed up data?

    Use different Apple IDs for iMessage (and also FaceTime) to avoid getting each others text messages (and FaceTime calls).  One of you should go to Settings>Messages>Send & Receive (and Settings>FaceTime), tap the ID, sign out, then sign back in with a different ID.  You can continue to shared the same ID for the iTunes store and other services.

  • I've got a G5, OS 10.5, and an iBook OS 10.4.  Both can reach the internet wirelessly.  How can I make them aware of each other, so they can exchange files

    I've got a G5, OS 10.5, and an iBook OS 10.4.  Both can reach the internet wirelessly.
    How can I make them aware of each other, so they can exchange files?  Both have network
    icons in the system preferences, but I can't see how to hook them up.

    That got me closer, but I'm not quite there yet.  On each of the two computers I've allowed all users File Sharing and Remote Management.  Each computer has an address 192.168.1.2 (or 4).  When I enter those addresses into "connect to server" the response is either 'drop box' or 'public folder'.  So it seems that only very basic sharing is allowed. I haven't set up a public folder on either one.

  • HT5624 My husband and I share an Itunes account so use the same email address and password.  Our iphones are now connected and we get each other's messages and share each other's contacts.  How can we stop this happening?

    My husband and I share an Itunes account so use the same email address and password.  Our iphones are now connected and we get each other's messages and share each other's contacts.  How can we stop this happening?

    A couple of different approaches:
    Create a second AppleID for one of you that includes the email address and phone number you wish to use for messaging, but do not apply it to the iTunes and app store (just keep the current one). My wife and I do this and it works quite well. Also allows for easier syncing of Contacts, notes etc. using iCloud if you wish to do that.
    Add additional emails/phone numbers to the existing account and change the Send/Receive settings for Messages. This will not fix the Contacts issues for you however.

  • One other user & I can no longer see each other in the buddy list

    My friend & I, who have used iChat for years, and also recently, and neither of us has changed anything, can no longer see each other in either one of our buddy lists.
    We've checked:
    - That neither of us is blocking the other
    - That other people can see us - they can
    - That we can see other people - we can - we can even see the same people as each other, just not each other
    We've tried blocking & unblocking each other, in case that would reset something, and both rebooted our Macs several times.
    Any ideas???

    Ralph Johns (UK) wrote:
    Hi,
    I can see that Accounts/Screen Names can get messed up on the various flags set by an App and therefore on the AIM servers.
    What I cannot see in this case is why it seems to be limited to just one Buddy on each computer.
    As the Block list (and therefore presumably Allow Lists) are not actually shown in the .plist I am hoping that deleting it and restarting iChat at one end at least will reset that iChat from the Defaults held in the app when you do this.
    (You could delete that Account Screen Name from iChat > Preferences > Accounts to achieve the same things in a more destructive way as it would tend to rewrite all the .plists, which may include Jabber ones that are OK.)
    We both did delete our screen names in iChat, and also deleted ALL the prefs manually.
    Also, we've tried using entirely different computers to log-in to those same accounts, with the same results - somehow we're blocked from each other.
    I think we're both giving up at this stage. We have additional accounts we can use to see each other. But it would be really nice to get to the bottom of it, because if it happens once it can happen again. Who knows? Maybe there are other people in my buddy list that this is happening with right now, but we don't know it. This person just happens to be someone I chat with a lot, and we noticed we weren't seeing each other.

  • Ok so I am trying to home share with my roommate and we have where we can see each other's music but how do I get his music copied into my iTunes so when we disconnect it will still be there (working off 11.1.2

    Ok so I am trying to home share with my roommate and we can see each other's music, but how do I put his music into my iTunes so that when we disconnect it will still be on my computer? We are both on version 11.1.2 of iTunes.

    Welcome to the Apple Community.
    Select the content you wish to import and use the import button at the bottom of the screen.

  • How can we get help/advice amongst each other? I have questions

    How can we get help/advice amongst each other? I have questions which might not be bug related and thought it would be nice if we could bounce questions off each other.
    Example:
    Why is my Reflow sample behaving like this?
    Should I have some kind of settings set so things don't get all weird?
    I didn't set any breakpoints yet, but things are going weird.
    Image attached! Any insights?
    Thanks.

    You can post questions here too. If they are design questions if people know the answer they can respond too.
    For this particular issue, it does look like a design problem. From the screen shots, I'm guessing that the light gray box is using negative top margin to overlap the darker gray box. I think for this change the dark gray box to use height:auto and add a padding-bottom to it for the current space below the text. That way when the text starts to push down there will be a constant amount of space from the bottom of the text to the bottom of the dark gray box and that will push the light gray box down as well.

  • Two Computers on Router; Don't See Each Other

    Two computers, each connected wirelessly to same FiOS router. Each connects perfectly to the Internet, but cannot see each other (ping test).
    Normal? Some little change in firewall setting needed?
    HaroldWho

    Whoops. I forgot that in addition to the router firewall I had my own rules via 'iptables,' that dropped all NEW connections. I just needed to allow connections from 192.168.1.0/3

  • HOW CAN INVITE PEOPLE IN A GROUP EVENT ON ICAL WITHOUT THEM SEE EACH OTHER EMAIL ADDRESS

    HOW CAN INVITE PEOPLE IN A GROUP EVENT ON ICAL WITHOUT THEM SEE EACH OTHER EMAIL ADDRESS ?

    Hi, I never use any of these, but according to this it uses email, so I'd think moving the addressees to the BCC: field should do it.
    Not the To: or CC: field.

  • I want to change my email account associated with my iTunes account. How do I do that and keep all other info intact!

    http://support.apple.com/kb/HT5621

  • I can log into my icloud account but i need to know my iPod security questions and answers.. How can i get them and see them???

    You need to ask Apple to reset your security questions; ways of contacting them include clicking here and picking a method for your country, phoning AppleCare and asking for the Account Security team, and filling out and submitting this form.

  • TS3999 I am trying to merge my calendar with my wife's with I cloud so that we both can see each others.  how do I do this

    My wife and I have iPhones and separate accounts with iCloud.  Is there a way that we can merge them together through iCloud to allow us to see each other's calendar?

    It is very difficult to do this if you want it to look a bit convincing, but if you don't want something very realistic but just to do it for fun it may be doable.
    What you  want is to put one clip atop the other and use a mask.
    If you use a still image of your baby and your moving lips do not move a lot within the frame, this looks possible and not too difficult.
    Apply the "Vignette Mask" to your clip and adjust its size, position and falloff parameters so that the vignette captures just your mouth. And use the Transform tool to resize and position over your baby's mouth.
    You may end up with something a little better than this quick and dirty example I just made :-)
    Edit: just after I posted I realized that Karsten beat me :-)
