Would it be possible for the T20 to have 2 external IPs and 2 internal IPs?

I am setting up a new network and want to know what way you would recommend.

I have an internet service that supplies five dedicated IPs. I was thinking of separating the traffic through the IPs via the Firebox T20.

IP 1 would be for client traffic over wifi.

IP 2 would be for building climate control monitoring.

Comments

  • Yes you can do this if you can identify the wi-fi traffic from the non wi-fi traffic.

    Is the building climate control monitoring for incoming from the Internet or outgoing traffic?

    If your wi-fi devices have IP addrs from a different subnet than for the non wi-fi traffic, you can add a Dynamic NAT entry From: the wi-fi subnet To: Any-external, Set source IP = the external IP addr for outgoing wi-fi. Make sure that this entry is moved to the top of the list.

    Note that separating this traffic will not improve throughput.

  • edited December 2021

    The climate control monitoring will be bi-directional traffic. I figured putting wifi on a separate interface from climate control would increase our security.

  • If access to the building climate control monitoring device is desired from the Internet, then you can use SNAT if the public IP addr has been added to the firewall external interface as the primary or secondary IP addr.
    You can use 1-to-1 NAT for a non-primary public IP addr which has not been added as a secondary on external.

    You need to know the port needed to access the building climate control monitoring device for monitoring, and then add an appropriate policy for that port. For security purposes, it is best to limit this access to specific IP addrs or from authenticated users or from VPN connected users.
    For VPN connected users, one does not need to use either SNAT or 1-to-1 NAT on the policy to allow this access.
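
The first reply's advice to move the wi-fi Dynamic NAT entry to the top of the list, shown as an added example that is not part of the original thread and is not WatchGuard code. It models the list as first-match and assumes broad private-range entries already sit in it; every address, subnet and function name is constructed for illustration.

```python
import ipaddress

# Constructed values: 203.0.113.0/24 is a documentation range, subnets are hypothetical.
PRIMARY_EXTERNAL = "203.0.113.10"  # primary IP on the external interface
WIFI_EXTERNAL = "203.0.113.11"     # public IP chosen for outgoing wi-fi
WIFI_SUBNET = "192.168.50.0/24"    # wi-fi clients
CLIMATE_HOST = "192.168.10.5"      # climate control device on another subnet

# Assumed pre-existing entries: From <private range> To Any-External, no "set source IP",
# so matching traffic leaves with the primary external IP.
DEFAULT_ENTRIES = [("192.168.0.0/16", None), ("172.16.0.0/12", None), ("10.0.0.0/8", None)]
WIFI_ENTRY = (WIFI_SUBNET, WIFI_EXTERNAL)

WIFI_AT_BOTTOM = DEFAULT_ENTRIES + [WIFI_ENTRY]
WIFI_AT_TOP = [WIFI_ENTRY] + DEFAULT_ENTRIES


def translate(entries, src_ip, primary=PRIMARY_EXTERNAL):
    """Return the public source IP picked by the first entry that matches src_ip."""
    addr = ipaddress.ip_address(src_ip)
    for subnet, set_source_ip in entries:
        if addr in ipaddress.ip_network(subnet):
            return set_source_ip or primary
    return None  # no dynamic NAT entry matched


def shadowed(entries):
    """Return (entry, covering_entry) pairs for entries an earlier one makes unreachable."""
    found = []
    for i, (subnet, _) in enumerate(entries):
        net = ipaddress.ip_network(subnet)
        for earlier, _ in entries[:i]:
            if net.subnet_of(ipaddress.ip_network(earlier)):
                found.append((subnet, earlier))
                break
    return found


if __name__ == "__main__":
    for name, entries in (("bottom", WIFI_AT_BOTTOM), ("top", WIFI_AT_TOP)):
        print(name, "wi-fi ->", translate(entries, "192.168.50.23"),
              "| climate ->", translate(entries, CLIMATE_HOST),
              "| shadowed:", shadowed(entries))
```

Running a check like `shadowed()` against an exported NAT list is a quick way to spot a source-IP entry that will never take effect.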
