Hey folks, I am so puzzled right now, so I decided to ask you all for advice.
Client has about 500 Locations worldwide and my company happened to get the contract with them for my country.
The setup we provide is:
2 different ISPs, one with static IPs, one with DHCP (but also some locations with two ISPs with static IPs.)
Media Converter (fiber to copper).
The firewall is not part of our duty, as the client specifically asked us to NOT do it.
My choice would be a Firewall with 2 WAN ports, whether its fortigate or zyxel or whatever fits best.
This is, because I can plug both Internet Access into the same firewall and controll traffic flow or even do HA / redundancy things.
This sound sane, doesnt it?
My client now came to me for help, because they cannot configure their fortigate which has a SINGLE WAN interface. They cannot explain how they approached this problem (two cables, two vastly different networks, one with PPTP dial in, one with DHCP, etc.).
They say "we did this in every location worldwide" but still cant explain (no graphics, visio, text-based explanation) how they did this. I built this explanation based on various mails and phone calls, thrid hand mentions and other sources: "theres usually a switch infront of the firewall and a vlan, then one cable goes to the firewall, while both internet access terminate at the switch."
I dont see it as my problem, but my boss sees billable hours so its my duty.
How did they do that? I think its not best practice, but:
Did they create a VLAN, defined the network insanely huge to fit both ISP Networks inside them, then put the two WANs and one Switchport (to Firewall WAN) into the same VLAN and did their "magic" on the Firewall? Does this sound sane to you? I know we cant figure out what exactly they did, but literally any intput is helpful...
Looking forward to hear you feedback and get some peace of mind...
No comments:
Post a Comment