Wires only Lease Line Configuration
I have a Wires only lease line connection, 100Mb on a 1Gb bearer. The network details are below from the ISP.
There is no manged router from the ISP so I want to terminate this into my WatchGuard M290. WAN IP is on a different subnet to my usable IP addresses, so I'm assuming I need to configure an external interface with the WAN IP details then configure additional interfaces with my usable IP's and create some kind of route?
Apologies if I have gotten that completely wrong, it's my first wires only lease line as normally have a manged router from the ISP.
Any help or suggestions would be much appreciated.
LAN Subnet:
157.125.XXX.XX/29
Subnet Mask:
255.255.255.248
Network IP:
157.125.XXX.XX
Gateway:
157.125.XXX.XX
First Usable IP:
157.125.XXX.XX
Last Usable IP:
157.125.XXX.XX
WAN IP:
51.52.XXX.XXX/30
Comments
You can add IP addrs from the 157.125.XXX.XX/29 subnet as Secondary IP addrs on the External interface set up with and IP addr from the First Usable IP
You can do one of two things:
-You can add the IP addresses to the external interface's secondary tab, which makes the firebox own them. This allows you to use them for things like VPNs, and SNAT actions (firewall rules for one or multiple ports.)
-You can make an entry in the 1:1 NAT table, which binds the external IP to an internal IP. The firewall does not own this IP, and will NAT traffic to the appropriate internal IP based on firewall rules.
(Secondary Network)
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/networksetup/second_net_config_c.html
(1-1 NAT)
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/nat/nat_1_to_1_config_c.html
-James Carson
WatchGuard Customer Support
That's great! Thanks both for the replies.