Quelle anzeigen

Description:

A configuration can only be rolled out to a Unified Firewall from the LANCOM Management Cloud (LMC) if the Unified Firewall acts as a gateway in the LMC project. If both a LANCOM router and a Unified Firewall are to be operated in parallel, this can only be achieved by creating a separate intermediate network for the router.

This article describes how a LANCOM router and a Unified Firewall can be managed in parallel via the LMC.

Requirements:

LMC access (subject to charge) with an existing LMC project and licenses for all LANCOM devices used
LCOS as of version 10.42 (download latest version)
LCOS FX as of version 10.8 (download latest version)
Any web browser for accessing the LMC
The LANCOM router and the Unified Firewall (and other devices, if applicable) must already be connected to the LMC
The Unified Firewall is connected between the router and the rest of the infrastructure (serial connection)

Scenario:

A LANCOM router and a Unified Firewall need to be managed in parallel via the LMC.

To do this, the LANCOM router is assigned to an intermediate network with the address range 0.0.0/24. In this network, the LANCOM router is the gateway.
The Unified Firewall is assigned to a management network with the address range 168.0.0/24. In this network, the Unified Firewall is the gateway.
The Unified Firewall is also assigned an additional guest network with the address range 16.0.0/24. In this network, the Unified Firewall is the gateway.
An access point in this scenario is also assigned to the management network and the guest network.

LANCOM Support Knowledge Base > Parallel management of a LANCOM router and a LANCOM R&S®Unified Firewall via the LMC > Scenario.png

Procedure:

1) Connect to the LMC, navigate to the menu Networks and click Add Network → Network.

LANCOM Support Knowledge Base > Parallel management of a LANCOM router and a LANCOM R&S®Unified Firewall via the LMC > 1.png

2) Create an intermediate network for the router. Modify the following parameters and then click Save:

Name: Set the network name for the intermediate network to INTRANET. We do this because a network named INTRANET is included in the default configuration of LANCOM routers, and giving the network a different name would result in this network being additionally created by the LANCOM Management Cloud.
Global IP range (CIDR): Enter the global IP address range for the intermediate network in CIDR notation (Classless Inter Domain Routing). In this example, the default setting of 10.0.0.0/8 is used.

You can adjust the network parameters if necessary.

LANCOM Support Knowledge Base > Parallel management of a LANCOM router and a LANCOM R&S®Unified Firewall via the LMC > 2.png

3) Then create a management network for the Unified Firewall and the access points connected to it. Modify the following parameters and then click Save:

Name: Enter a descriptive name for the management network (in this example UF-Management).
Global IP range (CIDR): Enter the global IP-address range for the management network in CIDR notation, in this example 192.168.0.0/16.

You can adjust the network parameters if necessary.

LANCOM Support Knowledge Base > Parallel management of a LANCOM router and a LANCOM R&S®Unified Firewall via the LMC > 3.png

4) If necessary create additional networks for the Unified Firewall and its connected access points, for example a guest network. Modify the following parameters and then click Save:

Name: Enter a descriptive name for the additional network (in this example GUEST).
Global IP range (CIDR): Enter the global IP-address range for the additional network in CIDR notation, in this example 172.16.0.0/16.
VLAN-ID: Activate the option Tag network data (VLAN) and enter a VLAN ID for the network (in this example the VLAN ID 5).

You can adjust the network parameters if necessary.

LANCOM Support Knowledge Base > Parallel management of a LANCOM router and a LANCOM R&S®Unified Firewall via the LMC > 4a.png

LANCOM Support Knowledge Base > Parallel management of a LANCOM router and a LANCOM R&S®Unified Firewall via the LMC > 4b.png

5) Switch to the Sites menu and click on the relevant site (in this example LCOS-UF-Parallel-Operation).

LANCOM Support Knowledge Base > Parallel management of a LANCOM router and a LANCOM R&S®Unified Firewall via the LMC > 5.png

6) Change to the Networks tab and click on Assign networks.

LANCOM Support Knowledge Base > Parallel management of a LANCOM router and a LANCOM R&S®Unified Firewall via the LMC > 6.png

7) Select the networks created in steps 2 to 4 and click on Assign.

You can ignore the error message that follows. Since the INTRANET and UF-Management networks are assigned to different devices, there is no conflict here.

LANCOM Support Knowledge Base > Parallel management of a LANCOM router and a LANCOM R&S®Unified Firewall via the LMC > 7.png

8) Switch to the Devices tab, select the Unified Firewall and click Determine function.

LANCOM Support Knowledge Base > Parallel management of a LANCOM router and a LANCOM R&S®Unified Firewall via the LMC > 8.png

9) Click the selection menu under Network assignment.

LANCOM Support Knowledge Base > Parallel management of a LANCOM router and a LANCOM R&S®Unified Firewall via the LMC > 9.png

10) Assign the management network to the Unified Firewall and other networks if necessary (in this example UF-Management and GUEST).

The intermediate network for the LANCOM router (INTRANET) must not be assigned here, otherwise this network would have two gateways.

LANCOM Support Knowledge Base > Parallel management of a LANCOM router and a LANCOM R&S®Unified Firewall via the LMC > 10.png

11) Select the LANCOM router and click Determine function.

LANCOM Support Knowledge Base > Parallel management of a LANCOM router and a LANCOM R&S®Unified Firewall via the LMC > 11.png

12) Click the selection menu under Network assignment.

LANCOM Support Knowledge Base > Parallel management of a LANCOM router and a LANCOM R&S®Unified Firewall via the LMC > 12.png

13) Assign the router to the intermediate network (in this example INTRANET).

The other networks (GUEST and UF-Management) must not be assigned to the LANCOM router, as otherwise there would be two gateways in these networks.

LANCOM Support Knowledge Base > Parallel management of a LANCOM router and a LANCOM R&S®Unified Firewall via the LMC > 13.png

14) If available, select an access point managed by the LMC and click on Determine function.

LANCOM Support Knowledge Base > Parallel management of a LANCOM router and a LANCOM R&S®Unified Firewall via the LMC > 14.png

15) For Access Point under Network assignment, click the selection menu.

LANCOM Support Knowledge Base > Parallel management of a LANCOM router and a LANCOM R&S®Unified Firewall via the LMC > 15.png

16) Assign the management network to the access point and other networks if necessary (in this example UF-Management and GUEST).

LANCOM Support Knowledge Base > Parallel management of a LANCOM router and a LANCOM R&S®Unified Firewall via the LMC > 16.png

17) Switch to the Devices menu, select all devices and click on the “dots icon” at the top right.

LANCOM Support Knowledge Base > Parallel management of a LANCOM router and a LANCOM R&S®Unified Firewall via the LMC > 17.png

18) Click Configuration roll out to transfer the current configuration to the devices.

LANCOM Support Knowledge Base > Parallel management of a LANCOM router and a LANCOM R&S®Unified Firewall via the LMC > 18.png