Vlan Outbound traffic

Hello,

Sorry, I asked my question in the wrong category, so I'm asking it again in the right category.

I'm a new user of WatchGuard firewalls and need your help to make a change for some outbound traffic on our firewall, and I wouldn't want to cause any damage by making this change.

Here's an example of a similar configuration that we have now:

On our network, we have several VLANs that we'll call vlan10, vlan20, vlan30, vlan40 .... We also have several public IP addresses: main IP address: 108.169.80.242 and secondary IP addresses: 108.169.80.243, 108.169.80.244, 108.169.80.245, ....

Currently, outgoing traffic to the Internet from all VLANs uses the main public IP address 108.169.80.242.

We want vlan30's outgoing traffic to use the secondary IP address 108.169.80.244, not the main public IP address.

How can we do this?

Thank you for your help.

Answers

  • There are 2 options:
    1) add a Dynamic NAT entry for the desired goal - From: the VLAN name or the VLAN subnet To: Any-external, & Set source IP = the desired Secondary IP addr.
    Make sure to move this to the top of the Dynamic NAT entries list.

    2) on a policy, on the Advanced section, Dynamic NAT -> All traffic in this policy -> Set source IP addr -> specify the desired Secondary IP addr

    Option 1) is global - it will be applied to all outgoing session traffic.
    Option 2) is specific - to the outgoing traffic allowed by that policy
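
An added illustration, not part of the thread or WatchGuard's own code, of why option 1 asks for the new entry to be moved to the top: it models the Dynamic NAT list as top-down, first-match evaluation and flags entries hidden by a broader entry above them. The vlan30 subnet `10.0.30.0/24` and the three RFC 1918 entries are assumptions, since the thread does not show the existing list.

```python
import ipaddress

PRIMARY_IP = "108.169.80.242"    # main public IP from the thread
SECONDARY_IP = "108.169.80.244"  # secondary IP wanted for vlan30
VLAN30 = "10.0.30.0/24"          # constructed subnet; the thread does not give one

# Each entry: (source network, set-source-IP or None for the interface's primary IP).
# The three RFC 1918 entries stand in for a typical pre-existing list (assumption).
DEFAULTS = [("192.168.0.0/16", None), ("172.16.0.0/12", None), ("10.0.0.0/8", None)]
VLAN30_ENTRY = (VLAN30, SECONDARY_IP)


def egress_ip(host, entries):
    """Return the source IP chosen by the first entry matching host."""
    addr = ipaddress.ip_address(host)
    for network, source_ip in entries:
        if addr in ipaddress.ip_network(network):
            return source_ip or PRIMARY_IP
    return None  # no dynamic NAT entry matched


def shadowed(entries):
    """Return entries that can never match because an earlier one covers them."""
    hidden = []
    for i, (network, source_ip) in enumerate(entries):
        net = ipaddress.ip_network(network)
        for earlier, _ in entries[:i]:
            if net.subnet_of(ipaddress.ip_network(earlier)):
                hidden.append((network, source_ip))
                break
    return hidden


if __name__ == "__main__":
    appended = DEFAULTS + [VLAN30_ENTRY]   # new entry left at the bottom
    moved_up = [VLAN30_ENTRY] + DEFAULTS   # new entry moved to the top
    for name, entries in (("bottom", appended), ("top", moved_up)):
        print(name, egress_ip("10.0.30.15", entries), shadowed(entries))
```
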

  • Hi,
    I followed your procedure for option 1 and it works.
    Thanks
