Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 289
  • Last Modified:

How can I allow access to two IP addresses on my network through Watchguard 700


Product: Watchguard III/700


I have added a service on the watchguard to enable external access to one of the servers on my network, I need to give this same person access to another server how can I do that?

  • 3
  • 3
1 Solution
the same steps as per the first service.

Simply add a new service (specify protocol) and then specify source inbound and destination inbound to the internal server, it should not be any different to how you setup the first server.

If you are simply adding a second IP to the same service, simply select the service and on the inbound, select add to destination and input the second IP and OK it.

If this does not help you, you need to detail your conflict for us so we can better assist you.
Tijani1150Author Commented:


I am trying to give access to 2 different servers from one/same external address and not vice versa,

If I double click the existing service and then click on [Add] from the [To] section I receive the [Add members] windows from which I click on [NAT] button I then receive the [Add static NAT] in the [External IP Address] is my network's external IP address and in the [Internal IP Adress] I type in the IP number of the server I want to allow access to,


When I type the IP number of this server I receive the following message:

Ambigious Address Translation
You can only configure one static NAT trusted host for each external IP address


When you try to use nat using the same service, you must specify indivdual (unique) external IP addresses.

The firewall is not able to provide the same service to two boxes with just one IP.

What you need to do is add a NAT address from the same subnet that is unused. Once you go thru the process to then add a ANT'd service, you will then get the option to use the new external IP address from the menu, select it and that should be it.

the only time you can re-sue the same external NAT IP is when you NAT for example SMTP and HTTP, becuase these are different, the firewall does not conflict.

When you try to use the same IP for the same service twice, the firewall cannot decide which way it should go hence it recognises that the request is ambigous.

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

Tijani1150Author Commented:
Ok, in that case which if the 2 servers this external user has access to be able to use? or will he be given an option?

it is optional once you setup the second external IP for NAT to the second server.

You can have as many NAT as you like (depending on performance of course).

The remote user simply needs to know which IP are assigned to which servers.

The user can access both servers at the same time if they wish.

Tijani1150Author Commented:


the solution you gave is not far off from what I have done anyway but when I thought about the other end ie. the person who is using Terminal Services to log on my servers I thought he will be able to connect to one server and not another and I got the person to try it and he was only able to access one server out of the two, the correct solution is like I did and you mentioned which is adding two services except that on eof the services has to be given a different port number and this is the only way it will work,

Thank you for helping me out.


Featured Post

Managing Security Policy in a Changing Environment

The enterprise network environment is evolving rapidly as companies extend their physical data centers to embrace cloud computing and software-defined networking. This new reality means that the challenge of managing the security policy is much more dynamic and complex.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now