Apply external IP for specific policy/users

Hello,

I think I have it figured out, but I wanted to check here first before attempting it. We have a block of external IP addresses, with the primary IP naturally set as External through ETH0 (I believe). However, we want to set up a VLAN that will be used for a tenant in the office who needs their own external IP on a separate VLAN with its own policies separate from our policies.

Now, I set up its own VLAN with its own DHCP. I set up the policies that dictate the specific VLAN. But how can I set a static external IP for that VLAN so when they are on that port connection, it acts practically as its own separate ISP connection?

Also, I have one issue with having done this with another connection in the office, though it did not require its own external IP. Same setup as the above, but the network name it gets when they connect is ORGANIZATION1 instead of their org name, ORGANIZATION2. Trying to figure out what I did wrong there. I have confirmed they are on the right VLAN and traffic is passing through that VLAN correctly.

Comments

  • edited July 2023

    Option 1: Network -> NAT -> Dynamic NAT - add an entry with From: the VLAN subnet To: the desired external IP addr. This will apply to all outgoing traffic.
    Make sure to move this entry to the top of the list.

    Option 2: on an outgoing policy - Advanced tab - NAT section, select "All traffic in this policy", select "Set source IP" and enter the desired external IP addr. This will apply only to traffic allowed by this policy.
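
Why the ordering in Option 1 matters, as an added example that is not part of the reply above and not WatchGuard code: a simplified first-match model of the Dynamic NAT list, plus a check for entries that an earlier entry makes unreachable. The addresses are constructed from documentation ranges, and the default entries (RFC 1918 ranges translated to the primary external IP) are an assumption about the existing list.

```python
import ipaddress

# Constructed sample values (documentation ranges), not taken from the thread.
PRIMARY_EXTERNAL = "203.0.113.10"  # stands in for the interface's primary IP
TENANT_EXTERNAL = "203.0.113.20"   # additional external IP reserved for the tenant
TENANT_VLAN = "10.0.20.0/24"       # hypothetical tenant VLAN subnet

# Assumed existing entries: private ranges leave via the primary external IP.
DEFAULTS = [
    ("192.168.0.0/16", PRIMARY_EXTERNAL),
    ("172.16.0.0/12", PRIMARY_EXTERNAL),
    ("10.0.0.0/8", PRIMARY_EXTERNAL),
]
TENANT_ENTRY = (TENANT_VLAN, TENANT_EXTERNAL)


def egress_ip(entries, src):
    """Return the source IP after dynamic NAT: the first matching entry wins."""
    addr = ipaddress.ip_address(src)
    for subnet, external in entries:
        if addr in ipaddress.ip_network(subnet):
            return external
    return src  # no entry matched: traffic leaves untranslated


def shadowed(entries):
    """List entries that can never match because an earlier entry covers them."""
    hidden = []
    for i, (subnet, external) in enumerate(entries):
        net = ipaddress.ip_network(subnet)
        for earlier, _ in entries[:i]:
            if net.subnet_of(ipaddress.ip_network(earlier)):
                hidden.append((subnet, external))
                break
    return hidden


if __name__ == "__main__":
    for label, table in (("tenant entry last", DEFAULTS + [TENANT_ENTRY]),
                         ("tenant entry first", [TENANT_ENTRY] + DEFAULTS)):
        print(label, "->", egress_ip(table, "10.0.20.57"),
              "shadowed:", shadowed(table))
```

With the tenant entry at the bottom, the broader 10.0.0.0/8 entry matches first and the tenant shares the primary IP; at the top, only the tenant VLAN is translated to the dedicated address.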

  • james.carson Moderator, WatchGuard Representative

    Hi @Gakusei

    You can change the IP to be written as any IP you would like per policy in the advanced tab of that policy:

    The network name would likely have been set by DHCP. Check that your DHCP settings are setting a domain name (under WINS/DNS for that network). If you're using a different DHCP server than the Firebox, check the settings on that.

    -James Carson
    WatchGuard Customer Support

  • Thank you so much! You guys rock. I was a little off on my thinking, so this helps tremendously.
