How can I know the public ip of an interface in nat mode from the firebox?

How can I know the public ip of an interface in nat mode from the firebox?

Comments

  • From inside the firewall, go to here to see the external interface IP addr:
    https://www.whatismyip.com/

    If your firewall external interface has a dynamic IP addr, you can set up DYNDNS, and then use the FQDN set up at the DYNDNS to access the firewall external interface.

  • If you literally mean "from the firewall" and not something looked up by an external service for the WAN IP, I think the best display is the Firebox System Manager > Front Panel > Interfaces section. It shows all interfaces and their respective IP addresses, including VLANs. It can be found on the web UI as well, but to me, not as easily.

    Gregg

    Gregg Hill

  • You didn't understand me, from the firebox itself and without seeing it in the interfaces. In the diagnosis option for example

  • I guess that we do not understand your question at all.

    For outgoing packets, in Traffic Monitor, if you have Logging enabled on various outgoing policies, you can see src_ip_nat= on an Allow log message.
    That will be the public IP addr that the packet gets as it leaves the firewall.

    I am not aware of any way to see the public IP addr using any of the Diagnostic Tasks, other than to use TCP DUMP and capture incoming packets.

  • Please clarify your goal so we know what you want.

    The WAN IP can be seen in multiple places from within the Firebox, or viewing it from within FSM as previously noted. Why do you object to "seeing it in the interfaces"? That answered your initial question of finding the public IP address.

    I am not sure what you mean by "In the diagnosis option for example." Using FSM, the Status Report tab shows all IP addresses, if that's what you mean.

    If your goal is to know what public IP address a computer is translated to using NAT behind a Firebox, go to the site Bruce mentioned.

    If your goal is to find IP addresses of interfaces, they are in multiple places. For example, open WatchGuard System Manager and log into the Firebox, then expand Firebox Status. Or log into FSM as I noted before. Or use the web UI if you want to see it without using any external programs.

    Gregg Hill

Sign In to comment.