Multiple Nat congurations on the same interface Watchguard Firebox

I have a watchguard firebox
I need to setup policy manager for using both private IPs and Natted Public IP's on the same interface
how do I do this

I currently have it set to do 1-to-1 NAT
Everymachine has its own Public IP address currently
I want to add additional PC's on the same interface without using Public IP addresses

1-to-1 NAT setup
-enable 1-to-1 NAT

Interface:     Netbase:                     Realbase:
External        67.132.131.24             192.168.1.24

Dynamic NAT Exceptions:  
192.168.1.24 - external


LVL 5
wirelessadminAsked:
Who is Participating?
 
giltjrConnect With a Mentor Commented:
It looks like you just need to enable dynmaic NAT.  By default it will dynamically NAT:

     192.168.0.0/16
     172.16.0.0/22
     10.0.0.0/8

I will assume that it will use the IP address of the "outside" interface that it NATs to.  You can find more at:

     http://www.watchguard.com/help/lss/741/WFSHelp.htm
0
 
wirelessadminAuthor Commented:
it works perfectly fine for now, but I have more PCs than public IP addresses
0
 
wirelessadminAuthor Commented:
so I need to know how to add pcs with private IP's only
0
Managing Security & Risk at the Speed of Business

Gartner Research VP, Neil McDonald & AlgoSec CTO, Prof. Avishai Wool, discuss the business-driven approach to automated security policy management, its benefits and how to align security policy management with business processes to address today's security challenges.

 
giltjrCommented:
Umm what?  I am not sure what you want to do.  I don't even understand private and public NAT'ed on the same interface.  Normally you have private addresses on one interface (the "inside") and public addresses on another (the "outside") .  The firewall will then NAT PRIV-to-PUB when traffic is going from the inside to the outside and PUB-to-PRIV when traffic is coming from the outside to the inside.

If you are trying to do NAT'ing and you have many private IP address and only a few public, then you need to either do dynamic 1-to-1 NAT and only a few people (the same number as you have public IP addresses) will be able to get out at once, or you need to do many-to-1 NAT.

My suggestion, and the norm, is to do many-to-one NAT.
0
 
wirelessadminAuthor Commented:
i want 1-to-1 nat and many-to-1 NAT to run on the same interface
0
 
giltjrCommented:
Which model do you have?
0
 
wirelessadminAuthor Commented:
x1000
0
All Courses

From novice to tech pro — start learning today.