Solved

Multiple NAT configurations on the same interface WatchGuard Firebox

Posted on 2006-06-28
Last Modified: 2013-11-16
I have a WatchGuard Firebox.
I need to set up Policy Manager to use both private IPs and NATed public IPs on the same interface.
How do I do this?

I currently have it set to do 1-to-1 NAT.
Every machine currently has its own public IP address.
I want to add additional PCs on the same interface without using public IP addresses.

1-to-1 NAT setup
-enable 1-to-1 NAT

Interface:     Netbase:                     Realbase:
External        67.132.131.24             192.168.1.24

Dynamic NAT Exceptions:  
192.168.1.24 - external


Question by:wirelessadmin
7 Comments
 
LVL 5

Author Comment

by:wirelessadmin
ID: 17003689
It works perfectly fine for now, but I have more PCs than public IP addresses.
0
 
LVL 5

Author Comment

by:wirelessadmin
ID: 17003776
So I need to know how to add PCs with private IPs only.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 17004740
Umm, what? I am not sure what you want to do. I don't even understand private and public NAT'ed on the same interface. Normally you have private addresses on one interface (the "inside") and public addresses on another (the "outside"). The firewall will then NAT PRIV-to-PUB when traffic is going from the inside to the outside and PUB-to-PRIV when traffic is coming from the outside to the inside.

If you are trying to do NAT'ing and you have many private IP addresses and only a few public, then you need to either do dynamic 1-to-1 NAT and only a few people (the same number as you have public IP addresses) will be able to get out at once, or you need to do many-to-1 NAT.

My suggestion, and the norm, is to do many-to-one NAT.
0
 
LVL 5

Author Comment

by:wirelessadmin
ID: 17005242
I want 1-to-1 NAT and many-to-1 NAT to run on the same interface.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 17006305
Which model do you have?
0
 
LVL 5

Author Comment

by:wirelessadmin
ID: 17010598
x1000
0
 
LVL 57

Accepted Solution

by:
giltjr earned 500 total points
ID: 17015132
It looks like you just need to enable dynamic NAT. By default it will dynamically NAT:

     192.168.0.0/16
     172.16.0.0/22
     10.0.0.0/8

I will assume that it will use the IP address of the "outside" interface that it NATs to.  You can find more at:

     http://www.watchguard.com/help/lss/741/WFSHelp.htm
0
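An added example, not part of the original thread and not WatchGuard code: a small Python model of the setup the thread arrives at, with 1-to-1 NAT for the host in the question and dynamic NAT for every other private host, showing which source address each host leaves with and which public address has a fixed inbound mapping. It assumes a host listed as a dynamic NAT exception is skipped by dynamic NAT (as the question's configuration is laid out); `EXTERNAL_IF_IP` is a placeholder because the page does not give the external interface address, and all function names are hypothetical.

```python
import ipaddress

# Values from the question: one 1-to-1 entry (NAT base, real base, host count)
# and its dynamic NAT exception.
ONE_TO_ONE = [("67.132.131.24", "192.168.1.24", 1)]
DYNAMIC_NAT_EXCEPTIONS = {"192.168.1.24"}
# Default dynamic NAT range from the accepted answer that covers this LAN.
DYNAMIC_NAT_SOURCES = [ipaddress.ip_network("192.168.0.0/16")]
# Placeholder: the page does not give the external interface address.
EXTERNAL_IF_IP = "203.0.113.1"


def one_to_one_public(real_ip):
    """Public address mapped 1-to-1 to real_ip, or None if no entry covers it."""
    host = int(ipaddress.ip_address(real_ip))
    for nat_base, real_base, count in ONE_TO_ONE:
        offset = host - int(ipaddress.ip_address(real_base))
        if 0 <= offset < count:
            return str(ipaddress.ip_address(nat_base) + offset)
    return None


def outbound_source(real_ip):
    """(nat_type, source address seen on the Internet) for an inside host."""
    if real_ip in DYNAMIC_NAT_EXCEPTIONS:
        mapped = one_to_one_public(real_ip)
        # An exception with no 1-to-1 entry leaves the private address untranslated.
        return ("1-to-1", mapped) if mapped else ("none", real_ip)
    if any(ipaddress.ip_address(real_ip) in net for net in DYNAMIC_NAT_SOURCES):
        return ("dynamic", EXTERNAL_IF_IP)
    return ("none", real_ip)


def inbound_target(public_ip):
    """Inside host with a fixed mapping from public_ip; dynamic NAT gives none."""
    pub = int(ipaddress.ip_address(public_ip))
    for nat_base, real_base, count in ONE_TO_ONE:
        offset = pub - int(ipaddress.ip_address(nat_base))
        if 0 <= offset < count:
            return str(ipaddress.ip_address(real_base) + offset)
    return None


def audit(hosts):
    """Hosts whose traffic would leave the external interface untranslated."""
    return [h for h in hosts if outbound_source(h)[0] == "none"]
```

Running `audit()` over the inside address list after adding the new PCs shows any host that neither NAT rule covers; only addresses returned by `inbound_target()` need inbound policy review.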
