Public IP for T80 Firebox

The existing service provider has requested a public IP address from us, asserting that it is necessary for managing the WatchGuard Firebox firewall. They have emphasized that without a public IP, the management of the firewall may not be secure for the client. This has left me somewhat perplexed.

Could you kindly clarify whether a public IP is indeed required for managing the WatchGuard Firebox T80? If so, could you shed light on whether the responsibility of obtaining the public IP lies with the client or the service provider?

I appreciate your expertise in this matter and look forward to your guidance on ensuring the optimal security and management of the WatchGuard Firebox.

Comments

  • Normally, to remotely manage a firewall, one needs access to it via a public IP addr.
    If the firewall does not have a public IP addr, then the device in front of the firewall needs to have the appropriate port forwarding set up to allow remote access to the firewall.
    Some ISP routers can be put into bridge mode which allows the public IP addr to be assigned to the firewall external interface.

    re.: the responsibility of obtaining the public IP
    It depends on who was responsible for the current ISP connection.
      • If your company ordered it, then I would expect your company would be responsible for contacting the ISP and requesting a public IP addr if the ISP device can't be set up to allow the public IP to be assigned to the firewall external interface.
      • If the company managing the firewall was responsible for ordering the ISP connection, then they would be responsible for the public IP addr request.

    re.: the management of the firewall may not be secure for the client
    The only issue that I can see that could possibly be raised in a port forwarding on the ISP device setup is the very minor possibility that the ISP could record the activity through their device, which they could do at the central office anyway. And the remote management connection should be encrypted - so there is no real security exposure that I see.
    The only issue I see is that the ISP could prevent or remove any port forwarding in its device, and thus prevent appropriate remote access to the firewall.
