Jump to content


Deploying BC WAN Side by Side existing WAN

Routing NGF F600

  • Please log in to reply
No replies to this topic

#1 Zwart, Brian

Zwart, Brian
  • Members
  • 2 posts

Posted 30 September 2016 - 09:26 AM

We are in the process of evaluating and will more than likely deploy BC NGF across 15 locations and CC to create a mesh VPN using Tina tunnels.  We already have a WAN in place at all locations using WatchGuard XTM firewalls and VPN tunnels.

The existing WatchGuard network is based upon subnets throughout the various locations.  The plan was to roll out new subnets with the introduction of the Barracuda using

I reside at the HQ location where the hub of the WG firewalls is located.  At this location we also have a BC F600 in place right next to the WatchGuard’s.  When considering the different ways to migrate from one WAN to another we were thinking the best option would be to setup the networks side by side and recreate the needed existing rules on the BC firewalls, etc.  We are a small IT team and it seemed to make sense to migrate headquarters first, then the remote sites one by one as time permitted. 

That said, can we connect them together using a network cable and create the appropriate routes on each router allowing a computer to reside on either network?  The idea was this would allow us to move servers, devices, etc from the WatchGuard network to the BC network as time permitted and computers would not know the difference as the WG and BC would pass all traffic between the various networks.


We are quite new to BC configuration however have gone through some of the training and read many training guides and have setup a few direct attached routes for our various ISP’s and have several functional Tina tunnels with functional routing, etc.  We are really struggling trying to make the routing work between the Barracuda network and the WatchGuard network.  I was thinking you would connect a network cable from one port to the other between the 2 routers and configure a direct attached Route (Trusted) on the BC side and a similar configuration on the WG side.  Is this a supported concept?  I did not think it would make sense to create VPN tunnels when they reside in the same room.