Hi, we have a unused SSG140 on our datacenter.
Without SSG140 we are working actually.
Datacenter give us two ranges 200.x.x.x/24 and 100.x.x.x/24 and two gateways 200.x.x.1 and 100.x.x.1 on same cable
This cable is connected to a WAN switch. This switch have all servers. On our servers, assign a 200.x.x.x/24 or 100.x.x.x/24 IP Address and 200.x.x.1 or 100.x.x.1 respectively. All servers have software firewall rules. It works. :-)
We want to use SSG140 as this.
P4 - To datacenter patch panel / routers - Datacenter give us the same two ranges 212.x.x.x/25 and 109.x.x.x/28 and two gateways without changes of the current state.
P8 - To our WAN switch - Servers take IPs from 212.x.x.x/25 and 109.x.x.x/28. We want to keep actual gateways.
We want to filter traffic applying rules traffic from P4 to P8 and remove software firewall on servers.
We have tested using one virtual router (and with two without success)
P4 - trust-vr - UnTrust zone (other tests with untrust-vr and routing between vr's)
P8 - trust-vr - Trust zone
Created policies allowing ALL to ALL and Any service for testing.
And it not works. :-(
Can anybody help?