?
Solved

How can I allow access to two IP addresses on my network through Watchguard 700

Posted on 2005-03-03
6
Medium Priority
?
284 Views
Last Modified: 2013-11-16

Hi

Product: Watchguard III/700

Issue:

I have added a service on the watchguard to enable external access to one of the servers on my network, I need to give this same person access to another server how can I do that?

0
Comment
Question by:Tijani1150
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 5

Expert Comment

by:tmehmet
ID: 13451363
the same steps as per the first service.

Simply add a new service (specify protocol) and then specify source inbound and destination inbound to the internal server, it should not be any different to how you setup the first server.

If you are simply adding a second IP to the same service, simply select the service and on the inbound, select add to destination and input the second IP and OK it.

If this does not help you, you need to detail your conflict for us so we can better assist you.
0
 

Author Comment

by:Tijani1150
ID: 13452436

tmehmet

I am trying to give access to 2 different servers from one/same external address and not vice versa,

If I double click the existing service and then click on [Add] from the [To] section I receive the [Add members] windows from which I click on [NAT] button I then receive the [Add static NAT] in the [External IP Address] is my network's external IP address and in the [Internal IP Adress] I type in the IP number of the server I want to allow access to,

Now

When I type the IP number of this server I receive the following message:

Ambigious Address Translation
You can only configure one static NAT trusted host for each external IP address

0
 
LVL 5

Accepted Solution

by:
tmehmet earned 900 total points
ID: 13457535
yes.

When you try to use nat using the same service, you must specify indivdual (unique) external IP addresses.

The firewall is not able to provide the same service to two boxes with just one IP.

What you need to do is add a NAT address from the same subnet that is unused. Once you go thru the process to then add a ANT'd service, you will then get the option to use the new external IP address from the menu, select it and that should be it.

the only time you can re-sue the same external NAT IP is when you NAT for example SMTP and HTTP, becuase these are different, the firewall does not conflict.

When you try to use the same IP for the same service twice, the firewall cannot decide which way it should go hence it recognises that the request is ambigous.




0
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

 

Author Comment

by:Tijani1150
ID: 13457885
Ok, in that case which if the 2 servers this external user has access to be able to use? or will he be given an option?

0
 
LVL 5

Expert Comment

by:tmehmet
ID: 13458447
it is optional once you setup the second external IP for NAT to the second server.

You can have as many NAT as you like (depending on performance of course).

The remote user simply needs to know which IP are assigned to which servers.

The user can access both servers at the same time if they wish.

0
 

Author Comment

by:Tijani1150
ID: 13459668

mehmet

the solution you gave is not far off from what I have done anyway but when I thought about the other end ie. the person who is using Terminal Services to log on my servers I thought he will be able to connect to one server and not another and I got the person to try it and he was only able to access one server out of the two, the correct solution is like I did and you mentioned which is adding two services except that on eof the services has to be given a different port number and this is the only way it will work,

Thank you for helping me out.

Regards
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…
Suggested Courses
Course of the Month14 days, 22 hours left to enroll

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question