Duplicate Unrouted Subnets

Started by deanwebb, June 21, 2016, 07:21:12 AM


deanwebb

Had a bit of fun with the Network Topology in my Tufin setup. We have more than one 192.168.1.- range at work. These ranges are non-routed, so they don't present any duplicate IP issues for us. But for an automated topology generator, they are logically the same network. Therefore, all the firewalls that have that non-routed subnet show up as connected on their backends.

It's good for a joke, then I have to go in and prune the bogus connections. In a large enterprise such as I work in, this sort of thing is going to involve ongoing diligence in making sure that the automated mapping software doesn't keep reporting that the best way to get to the office network in China is to pass through either the Ireland or Argentina network segmentation firewalls...
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Any questions? No questions! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.
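The effect described in the post above, as an added example that is not part of the original post and is not Tufin's own logic: a sketch of how a subnet-matching topology builder joins firewalls, and how the links that rest only on non-routed ranges can be listed for pruning. It goes slightly beyond the post by also catching overlapping prefixes, not just identical ones. The firewall names, subnets and the `UNROUTED` list are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict
from itertools import combinations

# Constructed inventory: firewall name -> interface subnets (names and ranges are made up).
INVENTORY = {
    "fw-ireland":   ["10.10.0.0/24", "192.168.1.0/24"],
    "fw-argentina": ["10.20.0.0/24", "192.168.1.0/24"],
    "fw-china":     ["10.30.0.0/24", "192.168.0.0/20"],
    "fw-core":      ["10.10.0.0/24", "10.20.0.0/24", "10.30.0.0/24"],
}

# Constructed list of ranges known to be local-only (never routed between sites).
UNROUTED = ["192.168.0.0/16"]


def inferred_links(inventory):
    """Firewall pairs a subnet-matching topology builder would join.

    Returns {(fw_a, fw_b): [(net_a, net_b), ...]} for every pair whose
    interface subnets are identical or overlap.
    """
    nets = {fw: [ipaddress.ip_network(s) for s in subs] for fw, subs in inventory.items()}
    links = defaultdict(list)
    for a, b in combinations(sorted(nets), 2):
        for na in nets[a]:
            for nb in nets[b]:
                if na.overlaps(nb):
                    links[(a, b)].append((na, nb))
    return dict(links)


def bogus_links(inventory, unrouted):
    """Links justified only by unrouted subnets: the candidates for pruning."""
    local = [ipaddress.ip_network(s) for s in unrouted]

    def is_local(net):
        return any(net.subnet_of(rng) for rng in local)

    return {
        pair: shared
        for pair, shared in inferred_links(inventory).items()
        if all(is_local(na) and is_local(nb) for na, nb in shared)
    }


if __name__ == "__main__":
    for (a, b), shared in bogus_links(INVENTORY, UNROUTED).items():
        print(f"prune {a} <-> {b}: " + ", ".join(f"{x} ~ {y}" for x, y in shared))
```

A pair that also shares a routed subnet is kept, since that adjacency is real even if the firewalls additionally carry a duplicate local range.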

Dieselboy

I hate it when companies have any 192.168.0.x to 192.168.2.x or even higher. My main corp office has 192.168.0.0/20 and 192.168.16.0/20 subnets. Within the first /20 I've just nullified 192.168.0.0/24 and 192.168.1.0/24 because people usually use these at their homes. The 192.168.2.0/24 subnet is still in use but we're slowly moving stuff off this subnet and then it will become a total non-routed subnet, with the VLAN only spanning the network devices that require it. This will probably only be one or three switches.

What's Tufin? Sounds interesting.

In my IP spreadsheet it's not really possible for me to duplicate subnets because my policy is that documentation is marked out before any configuration work is done. The hardest part is coaching others to do the same.

Netwörkheäd

Tufin is a firewall management tool. And, yeah, those home use ranges... black holes for anyone on a VPN that uses that range for home IP addresses.


Let's not argue. Let's network!