bryan1 wrote: My bad, trying to put each subnet down on the diagram makes my head want to explode.

Do not worry. I know that feeling. We can pretty much ignore the other subnets; a solution that works for one should work for all.
bryan1 wrote: Now I realized I was referring to a logical topology worksheet they left me. In the ISP's physical topology they have fiber coming into the building to my first telephone closet, which is connected to what I assume is a layer 2 device... then they installed a Cisco 3945E router, which is what I have to use as the gateway to the internet. The AT&T 3945E router is configured so that I have 30 public IP addresses.

First, an active/backup HA pair of Sophos is logically one device, but needs two wires on the WAN side of it.
Image that shows SonicWall device and (unconnected) Sophos pair
I'll try to draw again:
LAN-A === BOX-A --- 3945E --- LAN-B --- SonicWall --- LAN-C --- MEDVPN --- LAN-D
--- is Cat[567]
LAN-A is ISP's subnet
LAN-B is your public x.y.z.w/27 subnet
LAN-C is some private subnet
LAN-D is the "OffLAN" subnet
BOX-A is probably tiny, powered and simply a fiber-copper converter. The 3945E seems to have SFP-slots and could thus connect fiber directly.
3945E acts as DHCP and gateway for the x.y.z.w/27? That leaves you 29 public addresses.
SonicWall has several public IP addresses (and port forwarding rules for them).
bryan1 wrote: I tested a layer 2 switch and I couldn't reach the internet with it in the topology.

That is interesting. You had this?
LAN-A === BOX-A --- 3945E --- switch (LAN-B) --- SonicWall --- LAN-C --- MEDVPN --- LAN-D
Unless ... The 3945E has apparently four ports. Routed ports, presumably. It probably has been configured to host x.y.z.w/27 on one port, the port where the cable from the SonicWall is connected. If you did not try with that port, but plugged the switch into another port of the 3945E, then you probably tried a disabled port.
A further possibility is that LAN-B is a tagged VLAN that the 3945E and the SonicWall know and use, but you tested with an untagged device.
If you have 29 addresses, then you should be able to connect 29 devices to the 3945E, and an L2 switch is the way to connect multiple devices to the port on the 3945E.
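To check the tagged-VLAN hypothesis above, a small Ethernet/802.1Q frame parser can tell you whether what arrives on the port is tagged (and with which VLAN ID) or untagged. This is an added example with constructed sample frames, not code from the thread; the MAC addresses and VLAN ID are made up.

```python
import struct

# Constructed sample MACs and VLAN ID (not from the poster's network).
ROUTER_MAC = "0200000000aa"
TEST_MAC = "0200000000bb"

def build_frame(dst_hex, src_hex, ethertype, payload, vlan_id=None):
    """Build an Ethernet II frame; with vlan_id, insert an 802.1Q tag
    (TPID 0x8100 + 16-bit TCI) between the source MAC and the ethertype."""
    hdr = bytes.fromhex(dst_hex) + bytes.fromhex(src_hex)
    if vlan_id is not None:
        hdr += struct.pack("!HH", 0x8100, vlan_id & 0x0FFF)
    return hdr + struct.pack("!H", ethertype) + payload

def parse_frame(frame):
    """Return (vlan_id or None, inner ethertype, payload) for one frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == 0x8100:          # 802.1Q tagged frame
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, inner = struct.unpack("!HH", frame[14:18])
        return tci & 0x0FFF, inner, frame[18:]
    return None, ethertype, frame[14:]

def port_vlan_summary(frames):
    """Count frames per VLAN ID seen on a port; key None means untagged.
    If every frame is tagged, an untagged test host will never see the
    router's subnet on that port."""
    seen = {}
    for f in frames:
        vid, _, _ = parse_frame(f)
        seen[vid] = seen.get(vid, 0) + 1
    return seen

# Constructed traffic: two frames tagged VLAN 100, one untagged ARP.
SAMPLE = [
    build_frame(TEST_MAC, ROUTER_MAC, 0x0800, b"\x45" + b"\x00" * 19, vlan_id=100),
    build_frame(TEST_MAC, ROUTER_MAC, 0x0800, b"\x45" + b"\x00" * 19, vlan_id=100),
    build_frame("ffffffffffff", TEST_MAC, 0x0806, b"\x00" * 28),
]

if __name__ == "__main__":
    print(port_vlan_summary(SAMPLE))   # {100: 2, None: 1}
```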
Yes, now it makes sense to get rid of LAN-C. To create:
... 3945E --- LAN-B --- firewallS --- LAN-D
All these firewalls have 3945E as the default gateway.
Other members of LAN-D have one of these as default gateway and might have others as static routes to VPN tunnels.
This requires the (L2) switch in LAN-B. Recheck (with AT&T) why you failed previously.
It makes no sense at all to create:
... 3945E --- LAN-B --- C7 router --- LAN-E --- firewallS --- LAN-D