Author Topic: Change Mitel Border Gateway to run behind firewall  (Read 472 times)

Offline kyleighterry

Change Mitel Border Gateway to run behind firewall
« on: September 20, 2024, 04:00:28 AM »
Hi all. I've got to move a Mitel Border Gateway running on MSL 11 from a WAN edge deployment (2 NICs - first on internal LAN and second with a WAN IP on it) to go via a FortiGate firewall behind NAT. I'm happy with the FortiGate config, but could do with some pointers on getting the VM reconfigured if anyone knows?


Offline dilkie

Re: Change Mitel Border Gateway to run behind firewall
« Reply #1 on: September 20, 2024, 09:46:11 AM »
It'll only work properly if the MBG's WAN interface is located in the DMZ of the f/w. A proper, 3-port DMZ... In that situation, you can exist as a "proper" DMZ only, single network interface, or if the company allows MBG to also have it configured with 2 interfaces, the LAN interface and be located on the internal LAN network... in that case, you must use "custom" mode in the networking to properly configure everything to work correctly.

And, of course, your f/w must be configured correctly, see eng guidelines, AND you MUST have a dedicated public IP address that the f/w will forward only to MBG in the DMZ. The requirement for a unique/non-shared public IP address does not go away.

Offline acejavelin

Re: Change Mitel Border Gateway to run behind firewall
« Reply #2 on: September 20, 2024, 12:09:03 PM »
@dilkie is 100% spot on here...

I would also like to mention if you are doing this for "security", don't bother... it's a waste of time if you maintain updates and proper config in your MBG... the Teleworker gateway will be more secure than your firewall in 99.9% of cases.

I have done a lot of these... many "network" people have tried to set it up like you want to do, and it is absolutely a supported setup that is well documented, but I find a lot of setups have weird issues and when we switch to the two NICs in a WAN edge deployment, all the problems disappear.

The change is easy... SSH or console to the VM, run the configurator and change the IP on the NIC into the DMZ and then reboot and log in to it and change the deployment mode in the MBG setup... There really isn't anything else to do, you don't have to delete the second NIC if you don't want to but I would do it to make things clean.


 
