Options
how to distribute public IPs to end users
we have a situation where we have 14 public IP addresses on a leased line. we have 14 different businesses and they all want a separate external ip address. they all have routers installed that provide local ip addresses to their clients. how can we set this up on a firebox t85 will it be done through Vlans or 1-1. they want static external ip addresses for their clients and VPN purposes.
thanks
0
Sign In to comment.
Comments
If you want the router connections to be behind your T85, you can set up 1-to-1 NAT entries with the desired public IP addr and the private IP addr of the router external interface.
You also could put a switch outside your firewall and have all of the other routers and your firewall connected to it, and have each of those routers be assigned 1 of the public IP addrs.
Configure Firewall 1-to-1 NAT
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/nat/nat_1_to_1_config_c.html
Thanks, Bruce
We have a layer three switch after the firewall. and all clients are connected to that switch. in that scenario how will we do it? what will be a preferred method?
I would make the other sites be responsible for their own security and have them connected outside of your firewall.
Give each of the other sites a public IP addr to use.
Set up an external VLAN on your layer 3 switch, and connect your ISP connection, your T85 external and all of the routers to this external VLAN.
In addition to Bruce's suggestions, drop in mode may also be a viable solution for you:
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/networksetup/net_config_dropin_about_c.html
-James Carson
WatchGuard Customer Support
thanks