Here is the scenario, would it be possible to wire up 2 GCC6011 firewall routers which are each managing their own Vlans and running their own ids/ips to a single GCC6011 which has the wan link and no Next Gen firewall features enabled, since throughput is reduced when ids/ips is enabled. Would this setup work if I can prevent double Nat? And would a device on one sub gcc6011 be able to talk to another device on the other vlan?
This is an interesting concept ā can you draw a quick diagram of this and post it?
I dont know if this would work or not because of double Nat, but if there is a way to prevent double Nat somehow by configuring the level 2 GCC6011 to only do ids/ips and leave the routing to the main GCC6011 at the top.
1 Like
The GCC actually allows you to do routed non-nat IPs ā so if you have a netblock you could disable nat and give a real IP to each of the lower GCCs ā otherwise you could do this with nat.
But Iām just proposing this as a theory for now, since in Australia it is rare to see anything over a gigabit, and other prosumer multi gigabit networking hardware is a tad pricey.