Interface settings Secondary IP addresses

M400 12.6.1

We have the secondary ip addresses added on the interface for a long time in the firebox since 12.3.1 version, now if we go to the interface and click on the secondary tab and ok it out, it gives an error message like "xx.xx.xxx.xxx/29" is not a valid secondary network ip address. What could cause this? We did not make any changes.

Comments

  • Are you using the Web UI?

  • What are the last 3 digits?

  • Hi Bruce,

    Firebox Manager, last 3 is 136 for /29

  • For a /29, .136 is the bottom of the subnet range, and is often reserved as the “ network” IP addr, as is the top of the range, the broadcast IP addr.

  • ok, that's strange when we added it back in 12.3.1 it didn't complain =)

  • Sorry, I have another question, I have a policy with SNAT that is getting from a Secondary IP on the external interface. Somehow there is no incoming traffic to that policy, any place else I need to change? Thanks again.

  • edited March 2021

    Turn on Logging on that policy to see packets being allowed by it in Traffic Monitor.

    You can set up a NAT loopback for testing on that policy - Add Any-trusted or a specific internal IP addr and then access the public IP addr from behind the firewall.
    If it works, contact your ISP.

  • will do that. Thanks Bruce!

Sign In to comment.