3rd Party Firewall inside Watchguard network

I support a large estate, they have multiple tenants who have their own VLANs. They have a Watchguard firewall which manages the ethernet circuit and internal LANs. The ethernet circuit has multiple WAN addresses. I want to assign a certain WAN IP to a network switch port, allowing the tenant to plug in their own firewall using the WAN address settings. How would I achieve this?

Comments

  • To have a public IP addr on an internal device:
    1) switch to Drop-in mode. You can assign unused external IP addrs to internal devices. Note that there are a number of limitations when using Drop-in Mode.

    Drop-In Mode
    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/networksetup/net_config_dropin_about_c.html

    2) break the external subnet into multiple parts and assign an IP addr from 1 of the parts to the device. This will reduce the available IP addrs to be used by the firewall by more than 1.

    3) use Dynamic NAT so that all traffic from an internal private IP uses a specific external IP addr. And, add a Any packet filter From: the internal IP addr To: Any-external, and have that policy at the top of your policy list - so that none of your normal policies affect this traffic. To allow incoming traffic to that internal IP addr, you would need to add a policy with SNAT, which could be an Any policy.

  • 4) have a switch in front of your firewall and connect the internal firewall to the switch. Assign a desired external IP addr to that firewall.
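Option 2 above carries a cost that is easy to underestimate: every piece the external subnet is split into needs its own network and broadcast address, plus an address for the firewall's interface in that piece, so the tenant's public IP ends up costing more than one address. The script below is an added illustration and is not from the original thread or from WatchGuard; it uses a constructed documentation-range prefix (203.0.113.0/28) and assumes the firewall consumes exactly one address in each resulting subnet, which is the simplest case.

```python
import ipaddress


def assignable_hosts(network, firewall_addrs_per_subnet=1):
    """Addresses left for devices in one subnet.

    Subtract the network and broadcast addresses, then the address the
    firewall itself needs as the gateway for that subnet. Clamped at zero
    so /31 and /32 prefixes do not produce negative counts.
    """
    return max(network.num_addresses - 2 - firewall_addrs_per_subnet, 0)


def split_cost(cidr, new_prefix, firewall_addrs_per_subnet=1):
    """Compare usable addresses before and after splitting an external block.

    cidr        - the external subnet as assigned by the ISP (constructed here)
    new_prefix  - the prefix length of the pieces to split it into
    Returns a dict with the counts before/after, the loss, and the pieces.
    """
    net = ipaddress.ip_network(cidr, strict=True)
    before = assignable_hosts(net, firewall_addrs_per_subnet)
    # ip_network.subnets raises ValueError if new_prefix is not longer
    parts = list(net.subnets(new_prefix=new_prefix))
    after = sum(assignable_hosts(p, firewall_addrs_per_subnet) for p in parts)
    return {
        "before": before,
        "after": after,
        "lost": before - after,
        "parts": [str(p) for p in parts],
    }


if __name__ == "__main__":
    # Constructed example: a /28 from the ISP split into two /29s so one
    # piece can be handed to a tenant's own firewall.
    result = split_cost("203.0.113.0/28", 29)
    print(f"pieces: {result['parts']}")
    print(f"assignable before: {result['before']}, after: {result['after']}, "
          f"lost: {result['lost']}")
```

Run it as-is to see the /28 case; with `split_cost("203.0.113.0/28", 30)` the loss grows further, which is why splitting into many small pieces is rarely the right trade when public addresses are scarce.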
