6 Replies Latest reply on May 28, 2013 8:52 AM by mtuma

    Using the second bge port for new VLAN

      So here is the situation: I am on a Secure Computing Sidewinder with the v7 console. My current configuration: under Burb configuration I have three burbs, DMZ, external and internal. Under Interface configuration I have DMZ:bge0, external_network:em1, internal_network:em1, <Not in use> bge1.

      At the moment the firewall is plugged into a Catalyst switch that is configured with two VLANs, DMZ and internal. I need to configure another VLAN on the switch and use the free bge port to configure essentially a carbon copy of the network configuration on bge0. Roughly 70+ rules on that interface are configured and associated with the three burbs.

      It seems pretty straightforward; however, I have no idea where to start.

        • 1. Re: Using the second bge port for new VLAN
          sliedl

          Just double-click the interface and add the details you need.  Set the burb to DMZ also.  If you set the burb to DMZ on this interface the rules you created for this DMZ traffic previously will flow through this interface also.

          • 2. Re: Using the second bge port for new VLAN

            So does that hold true for the external and internal burbs?

            Some additional information:

            The current VLAN is home to Windows domains named identically. The domains were created on separate networks, but someone put them on the same switch and VLAN as a quick and dirty fix to sharing the internet connection between the two. Now I am in the process of trying to separate the two onto separate VLANs. My manager wishes to retain the same address range on the new VLAN, which others have said could be problematic from a firewall perspective. I am also planning on rebuilding the domain that I am putting on the new VLAN. The domain currently has one DC and it is hosed beyond reasonable repair. The simple plan I had envisioned originally has become progressively complex. I have decided, upon recommendation from my co-worker, to P2V the whole system and test it first virtually. I agree that this is the way to go; it just adds some new hurdles. My manager

            Message was edited by: newtomcafee on 3/27/12 7:47:59 PM CDT
            • 3. Re: Using the second bge port for new VLAN
              sliedl

              You cannot have the same address or address range (subnet) on two different interfaces, if that's what you're saying here:  "My manager wishes to retain the same address range on the new VLAN,which others have said could be problematic from a firewall perspective".
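The two points made in replies 1 and 3, that rules are bound to burbs (so a second interface placed in the DMZ burb inherits the existing DMZ rules) and that two interfaces cannot share a subnet, as an added Python model. This is example code written for this page, not Sidewinder code and not anything the posters supplied; the interface names, addresses and rule set below are constructed assumptions, and the real appliance enforces these checks in its own configuration tools.

```python
"""Burb/interface model (constructed example, not Sidewinder code).

Two checks before binding the spare port:
  1. Which rules will govern traffic on the new interface?  Rules are written
     against burbs, so every interface in a burb sees the same rules.
  2. Does the new interface's subnet overlap an existing one?  Two interfaces
     on the same subnet leave the firewall unable to decide which directly
     connected interface a destination belongs to, so that must be rejected.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Interface:
    name: str      # NIC name, e.g. "bge0"
    burb: str      # burb the interface is assigned to
    address: str   # address in CIDR notation (assumed values below)


@dataclass(frozen=True)
class Rule:
    name: str
    src_burb: str
    dst_burb: str
    action: str


# Constructed sample configuration.  Burb names follow the thread;
# NIC-to-burb mapping, addresses and rules are assumptions for illustration.
INTERFACES = [
    Interface("bge0", "DMZ", "10.10.0.1/24"),
    Interface("em0", "external_network", "203.0.113.2/29"),
    Interface("em1", "internal_network", "192.168.1.1/24"),
]

RULES = [
    Rule("dmz_web_in", "external_network", "DMZ", "allow"),
    Rule("dmz_to_internal_db", "DMZ", "internal_network", "allow"),
    Rule("internal_out", "internal_network", "external_network", "allow"),
]


def rules_for_interface(iface, rules):
    """Rules that apply to traffic entering or leaving via this interface.

    The match is on the interface's burb, not on the NIC, which is why a new
    interface added to the DMZ burb automatically picks up the DMZ rules.
    """
    return [r for r in rules if iface.burb in (r.src_burb, r.dst_burb)]


def subnet_conflicts(interfaces):
    """Return (name_a, name_b, net_a, net_b) for every pair of interfaces
    whose subnets overlap.  Host bits are stripped, so 10.10.0.1/24 and
    10.10.0.2/24 are correctly reported as the same network."""
    nets = [(i, ipaddress.ip_interface(i.address).network) for i in interfaces]
    conflicts = []
    for idx, (a, net_a) in enumerate(nets):
        for b, net_b in nets[idx + 1:]:
            if net_a.overlaps(net_b):
                conflicts.append((a.name, b.name, str(net_a), str(net_b)))
    return conflicts


def add_interface(interfaces, new):
    """Add an interface only if its subnet does not collide with any
    existing interface; raise ValueError otherwise."""
    conflicts = subnet_conflicts(interfaces + [new])
    if conflicts:
        raise ValueError(f"subnet overlap: {conflicts}")
    return interfaces + [new]


if __name__ == "__main__":
    # Same address range as bge0 on the new port: rejected.
    clone = Interface("bge1", "DMZ", "10.10.0.1/24")
    try:
        add_interface(INTERFACES, clone)
    except ValueError as exc:
        print("rejected:", exc)

    # A fresh subnet in the same burb: accepted, and it inherits the DMZ rules.
    bge1 = Interface("bge1", "DMZ", "10.10.1.1/24")
    cfg = add_interface(INTERFACES, bge1)
    print("interfaces:", [i.name for i in cfg])
    print("rules on bge1:", [r.name for r in rules_for_interface(bge1, RULES)])
```

The model shows why re-IPing the moved hosts (as suggested in reply 4) is the workable path: keeping the old range on bge1 trips the overlap check, while a new subnet in the same burb needs no rule changes at all.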

              • 4. Re: Using the second bge port for new VLAN

                OK, yes, that is what he wanted. I originally suggested creating a new range for the new VLAN and re-IPing the machines as they were moved, but he was worried that the custom code on the systems would freak out if the IP addressing changed.

                • 5. Re: Using the second bge port for new VLAN

                  I am new to McAfee Firewall; anyway, what do the em and bge interface names mean? I have searched on the Internet, but I can't find the answer.

                  • 6. Re: Using the second bge port for new VLAN

                    em and bge refer to the driver being used for the interface. em is for Intel, bge is for Broadcom. The Intel NICs are typically slotted in the PCI slot, and the bge is typically on the motherboard. Functionally they are going to be almost identical.

                    -Matt