Thursday, September 3, 2020

Mostly locked myself out of a WatchGuard

The issue is not the password. What I did was lock down the Web UI and Management policies to a singular Alias that contains two IPs. So I can set an interface as one of these 2 IPs and can physically connect to either active port (0 and 1), but neither IP assigned to those is in the same subnet. I believe I will need to set a static route, which I have, but I'm missing something. Here is a very similar setup to the actual one I'm working on; I just made the IPs something simple to make it easier to communicate.

M300 WatchGuard

Port 0 192.168.1.1 /26

Port 1 172.16.0.1 /27

The two IPs allowed per the rules are

100.100.100.100

60.60.60.60

So either of these two IPs should be allowed to manage the Firebox through either port on the Web UI or System Manager.

I think what I'm really struggling with is:

When I set the static IP to either the 100 or the 60 address, what default gateway do I set (if any)?

After this, am I correct to assume I need to provide a static route? If so, do I point it at the IP of the interface I just set? Or do I set it to the IP I'm trying to connect to?

I just need to log in this way once to add back the actual IP(s) that should also be allowed to manage the unit. I appreciate any help you all can provide. Thank you very much in advance.


