Help with Egress routes
My ISP provides me a /27 network routed over a /30 network. I have a service that uses STUN to determine the IP address of the inside device. This results in the gateway address of the /30 network, which in this case is wrong. I need an egress rule for my SGA device to use {x.x.x.x} and not the {Y.Y.Y.Y}.
x.x.x.x represents public IP on /27
Y.Y.Y.Y represents WatchGuard GW for everything.
Comments
Option 1:
Add the public IP addr that you want to use as a Secondary IP addr on the External interface.
Then on your outgoing policy for this traffic: Advanced tab -> Dynamic NAT -> select All traffic in this policy -> select Set Source IP; enter the public IP addr that you want to use
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/policies/apply_nat_rules_c.html
Option 2:
Add the public IP addr that you want to use on a 1-to-1 NAT entry along with your SGA device private IP addr. Then all outgoing traffic from the SGA device will use the public IP addr on the 1-to-1 NAT.
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/nat/nat_1_to_1_config_c.html
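
To check that either option took effect, compare the address a STUN server reports with the intended /27 address. The following is an added example, not part of the original thread: it parses the XOR-MAPPED-ADDRESS attribute of a STUN Binding response (RFC 5389). The function names are hypothetical, the STUN server passed to `query` is the caller's choice, and `sample_response` builds constructed test data.

```python
import ipaddress, os, socket, struct

MAGIC = 0x2112A442  # STUN magic cookie (RFC 5389)

def binding_request():
    """20-byte STUN Binding Request with a random transaction ID."""
    return struct.pack("!HHI", 0x0001, 0, MAGIC) + os.urandom(12)

def mapped_address(resp):
    """Return (ip, port) from XOR-MAPPED-ADDRESS in a Binding Success response."""
    if len(resp) < 20:
        raise ValueError("shorter than a STUN header")
    mtype, mlen, cookie = struct.unpack("!HHI", resp[:8])
    if mtype != 0x0101 or cookie != MAGIC or len(resp) < 20 + mlen:
        raise ValueError("not a complete STUN Binding Success response")
    pos, end = 20, 20 + mlen
    while pos + 4 <= end:
        atype, alen = struct.unpack("!HH", resp[pos:pos + 4])
        val = resp[pos + 4:pos + 4 + alen]
        if atype == 0x0020 and len(val) >= 8 and val[1] == 0x01:  # IPv4
            xport, xaddr = struct.unpack("!HI", val[2:8])
            # Port is XORed with the top 16 bits of the cookie, address with all 32.
            return str(ipaddress.IPv4Address(xaddr ^ MAGIC)), xport ^ (MAGIC >> 16)
        pos += 4 + alen + (-alen % 4)  # attribute values are padded to 4 bytes
    raise ValueError("no IPv4 XOR-MAPPED-ADDRESS attribute")

def query(server, port=3478, timeout=3.0):
    """Ask a STUN server which source address it sees for this host."""
    req = binding_request()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(req, (server, port))
        resp, _ = s.recvfrom(2048)
    if resp[8:20] != req[8:20]:
        raise ValueError("transaction ID mismatch")
    return mapped_address(resp)

def egress_ok(resp, expected_ip):
    """True when the address the STUN server saw is the intended public IP."""
    return mapped_address(resp)[0] == expected_ip

def sample_response(ip, port):
    """Constructed Binding Success response, for offline testing only."""
    attr = struct.pack("!HHBBHI", 0x0020, 8, 0, 0x01, port ^ (MAGIC >> 16),
                       int(ipaddress.IPv4Address(ip)) ^ MAGIC)
    return struct.pack("!HHI", 0x0101, len(attr), MAGIC) + bytes(12) + attr
```

Run `query()` from the SGA device's side of the firewall; the returned IP should be the /27 address set as the source IP in the Dynamic NAT or 1-to-1 NAT configuration, not the /30 gateway address.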