NAT for external LAN port with private Address
Hello,
I have a somewhat strange setup here.
We are in a building together with a partner company, they have a camera security system and so do we.
The system is the same. Now, as this company monitors the entrance area etc., they have provided us with a LAN port which we are supposed to include in “our” infrastructure.
Now I wanted to let the traffic go through our firewall. As I still have a free port there, I wanted to use it for this. However, the problem is that you can access the camera via the LAN port provided, with a subnet that we already use.
I then tried to configure the interface as External, Optional etc. in order to access the IP address with a SNAT via port 443. Unfortunately, this has not worked so far. I have an error in my thinking somewhere and am currently stuck.
The LAN port goes into an untagged port in a separate VLAN on the switch. The intention would then be to be able to access the camera via a dedicated port.
Do you have any ideas or is this approach completely wrong?
Comments
You can't have the same subnet on different firewall interfaces when in Mixed Routing mode.
The only exceptions to this are:
. if you have multiple interfaces set up as a bridge group
. if you have the same VLAN bridged across 2 interfaces
So you could use a bridge group - but then you can't control what goes across the bridge group firewall interfaces. So this is not a good solution.
If the goal is to have them monitor your camera feed, have them access the camera via the public IP addr of your firewall.
Set up a policy allowing this using SNAT to the private IP addr of the camera, From: their public IP addr.
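The overlap rule from the reply above, as an added example that is not part of the original thread: a pre-change check that flags interfaces whose subnets overlap, exempting members of the same bridge group. The interface names, addresses and the `bridge` field are constructed for illustration and do not come from any firewall's configuration format.

```python
import ipaddress
from itertools import combinations

# Constructed interface plan (hypothetical names and addresses).
# "bridge" names a bridge group; None means an ordinary routed interface.
PLAN = [
    {"name": "trusted", "cidr": "192.168.10.1/24",   "bridge": None},
    {"name": "partner", "cidr": "192.168.10.254/24", "bridge": None},
    {"name": "cameras", "cidr": "10.20.0.1/24",      "bridge": None},
    {"name": "br-a",    "cidr": "172.16.5.1/24",     "bridge": "br0"},
    {"name": "br-b",    "cidr": "172.16.5.1/24",     "bridge": "br0"},
]


def find_conflicts(plan):
    """Return sorted (name, name) pairs of interfaces whose subnets overlap
    and that are not members of the same bridge group."""
    conflicts = []
    for a, b in combinations(plan, 2):
        # ip_interface accepts a host address with prefix; .network is its subnet.
        net_a = ipaddress.ip_interface(a["cidr"]).network
        net_b = ipaddress.ip_interface(b["cidr"]).network
        same_bridge = a["bridge"] is not None and a["bridge"] == b["bridge"]
        # overlaps() also catches a smaller subnet nested inside a larger one.
        if net_a.overlaps(net_b) and not same_bridge:
            conflicts.append(tuple(sorted((a["name"], b["name"]))))
    return sorted(conflicts)


if __name__ == "__main__":
    for left, right in find_conflicts(PLAN):
        print(f"overlap: {left} <-> {right}")
```
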