Moving External Interface IP to a Secondary IP of Another External Interface
Hi Team,
The description above will seem like there is a simple solution but there is a more complex situation in progress.
The WG unit we are discussing here is new. The config has been brought from an M370 unit. As part of a project to deploy this new WG, the client has got a new WAN solution which uses BGP. The new WAN solution has two circuits which are now configured on separate External interfaces of this WG and BGP has been configured and working (with a test advertised prefix).
We will be migrating the customers IP ranges to this new solution and therefore the public IP(s) that are currently in use will no longer be configured on an external interface but rather advertised via BGP. This poses some questions I would like help with:
- The customer prefixes that are now to be advertised; should these IPs now be configured as secondary IPs on the External interfaces now participating in BGP? I had thought this would be the case but it turns out that an IP can only exist on 1 external interface at a time.
Here is a sanitized version of the topology:
Comments
Hi @BazMac
The firewall won't let you move a secondary from one interface to another like this unless you're using a subnet like /32. If the IP is part of the subnet that exists as the other interface's IP, the ISP will need to break up the subnet.
I'm not sure about the BGP component. If you haven't already done so, I'd suggest opening a support case.
-James Carson
WatchGuard Customer Support