
Ecessa PowerLink and Firebox

Deployment Overview

This document describes how to set up Ecessa PowerLink with the WatchGuard Firebox. PowerLink provides automatic failover between WAN connections, including ISP links, with load balancing and traffic shaping.

Integration Summary

This integration was created using these devices and firmware:

  • Ecessa PowerLink PL150 v10.6.9
  • WatchGuard FireboxV installed with Fireware v12.1

Test Topology

This integration demonstrates how to set up an Ecessa device with two WAN interfaces to handle multi-WAN failover for a FireboxV configured in Drop-In mode. If Ecessa is routing for a Firebox that requires inbound connections, the Firebox must be configured in Drop-In mode so that the Ecessa device handles NAT. The first WAN link is configured with a static IP address and the other WAN link with DHCP. We also configured an inbound SSH connection to a Linux device we could use to test the integration.

Ecessa with WatchGuard FireboxV topology

Configure Ecessa

The Ecessa PL150 default address is https://192.168.50.1. The default credentials are username root and password PWRLNK.

  1. Log in to the Ecessa web interface.
  2. On the side bar, below Basic Setup, select WAN.
  3. Click Add New WAN.
    The Base WAN Settings appear.

Screen shot of Ecessa static WAN setup

  1. From the WAN Type drop-down list, select Static.
  2. From the Ethernet Port drop-down list, select the physical port.
  3. In the WAN Alias field, type the interface alias.
  4. In the WAN Address Settings section, type the WAN IP/Mask in CIDR notation format and the Gateway IP.
  5. Adjust the Test Points and Link Settings and WAN Advance Settings according to your network.
  6. Select the Save Changes check box.
  7. To apply the saved settings, click Activate.
  8. Below Basic Setup, select WAN.
  9. Select Add New WAN.

Screen shot of Ecessa add WAN DHCP

  1. From the WAN Type drop-down list, select DHCP.
  2. From the Ethernet Port drop-down list, select the physical port.
  3. In the WAN Alias field, type the interface alias.
  4. Adjust the Test Points and Link Settings and WAN Advance Settings according to your network.
  5. Select the Save Changes check box.
  6. To apply the saved settings, click Activate.
  7. From the left side panel, select Basic Setup > LAN.
  8. Click Add a new LAN to add a row.

Ecessa LAN entries

  1. In the LAN Alias field, type the interface alias.
  2. In the LAN IP Address field, type the address in CIDR notation format.
  3. From the Ethernet Port drop-down list, select the physical port.
  4. Select the Save Changes check box and apply the settings by clicking Activate.
  5. From the left side panel, select Routing/NAT > Port Forwarding.
    The Port forwarding Configuration page appears.
  6. Select Add Forwarding Entry to add a new row.

Screen shot of the Ecessa Port Forwarding configuration

  1. In the WAN IP/IP Range/Alias text box, type the inbound connection public IP address.
  2. In the Port Range text box, type the inbound connection port(s).
  3. In the LAN IP/IP Range/Alias text box, type the internal private IP address.
  4. If required, select the PPTP, IPSec, or ICMP options.
  5. Select the Save Changes check box.
  6. To apply the saved settings, click Activate.

Configure Firebox for Ecessa

In this example, the WatchGuard Firebox is configured in Drop-In mode, with Ecessa performing NAT from the public IP address to the private IP range configured on the Firebox (with Drop-In mode, the Firebox uses the same subnet on all interfaces). To learn more about how to configure your Firebox in Drop-In mode, see Fireware Help.

  1. Log in to Fireware Web UI.
  2. Select Network > Interfaces.
  3. From the Configure Interfaces in drop-down list, select Drop-In Mode.
  4. Click Configure.
    The IP Settings page appears. In Drop-In Mode, all active interfaces on the Firebox are assigned the same IP address.

Screen shot of the WatchGuard firewall drop-in mode IP assignment

  1. Type the IP Address in CIDR format and the Gateway IP.
  2. Select the Drop-In Settings tab.
  3. Verify the active interfaces are selected under Automatic Host Mapping.

Screen shot of the WatchGuard firewall Drop-In settings

  1. Click Back.
  2. Verify the entries and click Save.

Screen shot of the WatchGuard firewall interfaces save

  1. Select Firewall > Firewall Policies.
  2. Click Add Policy.

Screen shot of the WatchGuard Add Policy button

  1. In the Select a policy type section, from the Packet Filter drop-down list, select SSH.

Screen shot of the WatchGuard firewall add policy type

  1. Click Add Policy.
    A page showing the new policy properties appears.
  2. Type an appropriate Name for the policy.
  3. Remove any alias or IP address from the To and From fields of the policy.
  4. In the From field, select Add.
  5. For the Member type, use the Alias drop-down list and select Any-External.

Screen shot of WatchGuard firewall policy alias add

  1. Click OK.
  2. In the To field, select Add.
  3. From the Member type drop-down list, select Host IPv4 and type the internal private IP Address.

Screen shot of the WatchGuard firewall policy member type IP

  1. Click OK.
  2. Verify the policy and click Save.

Screen shot of full WatchGuard policy

Test the Integration

From a Windows computer external to the Ecessa device:

  1. Open the Windows command prompt.
  2. Type this command: telnet <public IP address> 22.
  3. You should see an SSH response showing the connection on port 22.

You may need to flush the ARP cache or reboot some routers before you test this integration.
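
A scripted version of the telnet check above, added here as an example (it is not part of the WatchGuard or Ecessa documentation). It connects to the forwarded port, reads the SSH identification string defined in RFC 4253, and tells a dropped connection apart from a refused one or from a non-SSH service answering on the port. The function names and status labels are hypothetical.

```python
import socket
import sys

MAX_PREAMBLE_LINES = 20  # RFC 4253 lets a server send other lines before its SSH- line

def parse_ssh_banner(line: bytes):
    """Parse an RFC 4253 identification string: SSH-<proto>-<software>[ comments]."""
    text = line.rstrip(b"\r\n").decode("ascii", errors="replace")
    parts = text.split("-", 2)
    if len(parts) != 3 or parts[0] != "SSH" or not parts[2]:
        return None
    return {"proto": parts[1], "software": parts[2].split(" ", 1)[0]}

def check_forward(host: str, port: int = 22, timeout: float = 5.0):
    """Return (status, banner): ssh, not-ssh, no-banner, refused, timeout or error."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused", None   # a reset came back: nothing is listening at the far end
    except socket.timeout:
        return "timeout", None   # no reply at all: the connection is dropped on the path
    except OSError:
        return "error", None     # unreachable network, bad host name, and so on
    status = "no-banner"         # connected, but nothing useful received yet
    with sock, sock.makefile("rb") as stream:
        try:
            for _ in range(MAX_PREAMBLE_LINES):
                line = stream.readline(256)
                if not line:
                    break        # peer closed the connection
                banner = parse_ssh_banner(line)
                if banner:
                    return "ssh", banner
                status = "not-ssh"   # some other service answered on this port
        except OSError:
            pass                 # read timed out or was reset after connecting
    return status, None

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(check_forward(sys.argv[1]))
    else:
        # Constructed sample banner, shown when no address is given.
        print(parse_ssh_banner(b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6\r\n"))
```

Run it from a host outside the Ecessa device with the public IP address as the only argument. A "timeout" result points at the Ecessa port forwarding entry or the Firebox SSH policy, while "refused" means the connection was answered but no SSH server accepted it.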
