Description:

A configuration can only be rolled out to a Unified Firewall from the LANCOM Management Cloud (LMC) if the Unified Firewall acts as a gateway in the LMC project. If both a LANCOM router and a Unified Firewall are to be operated in parallel, this can only be achieved by creating a separate intermediate network for the router.

This article describes how a LANCOM router and a Unified Firewall can be managed in parallel via the LMC.


Requirements:

  • LMC access (subject to charge) with an existing LMC project and licenses for all LANCOM devices used
  • LCOS as of version 10.42
  • LCOS FX as of version 10.8
  • Any web browser for accessing the LMC 
  • The LANCOM router and the Unified Firewall (and other devices, if applicable) must already be connected to the LMC
  • The Unified Firewall is connected in series between the router and the rest of the infrastructure


Scenario:

A LANCOM router and a Unified Firewall need to be managed in parallel via the LMC.

  • To do this, the LANCOM router is assigned to an intermediate network with the address range 10.0.0.0/24. In this network, the LANCOM router is the gateway.
  • The Unified Firewall is assigned to a management network with the address range 192.168.0.0/24. In this network, the Unified Firewall is the gateway.
  • The Unified Firewall is also assigned an additional guest network with the address range 172.16.0.0/24. In this network, the Unified Firewall is the gateway.
  • An access point in this scenario is also assigned to the management network and the guest network.


Procedure:

1) Connect to the LMC, navigate to the menu Networks and click Add Network → Network

2) Create an intermediate network for the router. Modify the following parameters and then click Save:

  • Name: Set the network name for the intermediate network to INTRANET. We do this because a network named INTRANET is included in the default configuration of LANCOM routers, and giving the network a different name would result in this network being additionally created by the LANCOM Management Cloud.
  • Global IP range (CIDR): Enter the global IP address range for the intermediate network in CIDR notation (Classless Inter-Domain Routing). In this example, the default setting of 10.0.0.0/8 is used.

You can adjust the network parameters if necessary.

3) Then create a management network for the Unified Firewall and the access points connected to it. Modify the following parameters and then click Save:

  • Name: Enter a descriptive name for the management network (in this example UF-Management).
  • Global IP range (CIDR): Enter the global IP-address range for the management network in CIDR notation, in this example 192.168.0.0/16.

You can adjust the network parameters if necessary.

4) If necessary, create additional networks for the Unified Firewall and its connected access points, for example a guest network. Modify the following parameters and then click Save:

  • Name: Enter a descriptive name for the additional network (in this example GUEST).
  • Global IP range (CIDR): Enter the global IP-address range for the additional network in CIDR notation, in this example 172.16.0.0/16.
  • VLAN-ID: Activate the option Tag network data (VLAN) and enter a VLAN ID for the network (in this example the VLAN ID 5).

You can adjust the network parameters if necessary.

5) Switch to the Sites menu and click on the relevant site (in this example LCOS-UF-Parallel-Operation).

6) Change to the Networks tab and click on Assign networks.

7) Select the networks created in steps 2 to 4 and click on Assign.

You can ignore the error message that follows. Since the INTRANET and UF-Management networks are assigned to different devices, there is no conflict here.

8) Switch to the Devices tab, select the Unified Firewall and click Determine function.

9) Click the selection menu under Network assignment.

10) Assign the management network to the Unified Firewall and other networks if necessary (in this example UF-Management and GUEST). 

The intermediate network for the LANCOM router (INTRANET) must not be assigned here, otherwise this network would have two gateways.

11) Select the LANCOM router and click Determine function.

12) Click the selection menu under Network assignment.

13) Assign the router to the intermediate network (in this example INTRANET).

The other networks (GUEST and UF-Management) must not be assigned to the LANCOM router, as otherwise there would be two gateways in these networks.

14) If available, select an access point managed by the LMC and click on Determine function.

15) For Access Point under Network assignment, click the selection menu.

16) Assign the management network to the access point and other networks if necessary (in this example UF-Management and GUEST). 

17) Switch to the Devices menu, select all devices and click on the “dots icon” at the top right.

18) Click Configuration roll out to transfer the current configuration to the devices.
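Before rolling out, the assignment plan from steps 2 to 16 can be checked offline for the condition the procedure depends on: every network has exactly one gateway. The following Python sketch is an added example, not LANCOM code and not an LMC API. The dictionary layout, the device labels and the /24 site ranges are assumptions constructed from this article's example values.

```python
import ipaddress

# Constructed plan mirroring this article's example; the dict layout is an assumption.
NETWORKS = {
    "INTRANET":      {"global": "10.0.0.0/8",     "site": "10.0.0.0/24"},
    "UF-Management": {"global": "192.168.0.0/16", "site": "192.168.0.0/24"},
    "GUEST":         {"global": "172.16.0.0/16",  "site": "172.16.0.0/24", "vlan": 5},
}
# device label -> (role, assigned networks); only the "gateway" role routes for a network.
ASSIGNMENTS = {
    "router":       ("gateway", ["INTRANET"]),
    "firewall":     ("gateway", ["UF-Management", "GUEST"]),
    "access-point": ("access_point", ["UF-Management", "GUEST"]),
}

def check_plan(networks, assignments):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    sites = {}
    for name, net in networks.items():
        glob = ipaddress.ip_network(net["global"])
        site = ipaddress.ip_network(net["site"])
        # The site subnet must lie inside the network's global IP range.
        if not site.subnet_of(glob):
            problems.append(f"{name}: site range {site} is outside global range {glob}")
        sites[name] = site
    names = sorted(sites)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if sites[a].overlaps(sites[b]):
                problems.append(f"{a} and {b}: site ranges overlap")
    # Each network needs exactly one gateway (router or Unified Firewall, never both).
    for name in networks:
        gateways = sorted(dev for dev, (role, nets) in assignments.items()
                          if role == "gateway" and name in nets)
        if len(gateways) != 1:
            problems.append(f"{name}: expected exactly one gateway, found {gateways}")
    for dev, (_, nets) in assignments.items():
        for n in nets:
            if n not in networks:
                problems.append(f"{dev}: assigned to unknown network {n}")
    return problems

if __name__ == "__main__":
    for line in check_plan(NETWORKS, ASSIGNMENTS) or ["plan is consistent"]:
        print(line)
```

Assigning GUEST to the router as well, which the note after step 13 rules out, makes the check report two gateways for that network.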