1

I am working 2 cisco firepower 1120 firewalls, which are connected to a 5-port layer-2 switch through their "outside"(Ethernet1/1) interfaces, each with an IP address of the form 192.168.1.x with a subnet mask of 255.255.255.0. On that same switch, I have a computer with the same IP format of 192.168.1.x, 255.255.255.0, but no default gateway sepcified. The static routes for each firewall's "inside interface" is already set so that they can ping device beyond the "inside" interface. But I am not sure as to how to modify the firewall or the computer such that the computer connected to the switch is able to ping the devices on the "inside" interfaces of each of the 2 firewalls. Here is the network view: enter image description here

Improve this question

1 Answer 1

Reset to default
1

The PC requires some gateway forwarding to the 'inside' subnet.

Just set up either firewall as gateway, or both. And of course, add rules to the firewall(s) to permit that traffic.

Improve this answer
3
  • Hello! Thank you for your reply. I tried setting up 1 firewall as the gateway and that will not allow the computer to ping devices on the other firewall. I am not sure how to add both firewalls as gateways. WOuld I need to setup 2 separate IP addresses for each gateway I add? If so, how? The computer is running Ubuntu OS by the way. Commented Feb 28, 2025 at 21:12
  • You need to setup the firewalls to allow the traffic in question. I'll be honest, it seems like you are setting them up backward because you seem to be assuming that traffic from the outside to the inside should be automatically allowed. The usual case is the opposite. Nothing from outside to inside is allowed and traffic from inside to outside is allowed by default. Check google or youtube for basic Cisco Firepower/ASA firewall setup and how to allow access to the inside network. There are many guides for basic setup. Commented Mar 1, 2025 at 1:00
  • The traffic is allowed already. I have setup the static routes, their security levels, as well as the same-security interface communications. Should I put a default gateway on the computer, the ping works. Otherwise(no gateway) it won't work. The problem is really the Default gateway. Commented Mar 1, 2025 at 3:20

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.