Solved

Multiple NAT configurations on the same interface Watchguard Firebox

Posted on 2006-06-28
Last Modified: 2013-11-16
I have a WatchGuard Firebox.
I need to set up Policy Manager to use both private IPs and NATed public IPs on the same interface.
How do I do this?

I currently have it set to do 1-to-1 NAT.
Every machine currently has its own public IP address.
I want to add additional PCs on the same interface without using public IP addresses.

1-to-1 NAT setup
-enable 1-to-1 NAT

Interface:     Netbase:                     Realbase:
External        67.132.131.24             192.168.1.24

Dynamic NAT Exceptions:  
192.168.1.24 - external


Question by:wirelessadmin
7 Comments
 
LVL 5

Author Comment

by:wirelessadmin
ID: 17003689
It works perfectly fine for now, but I have more PCs than public IP addresses.
0
 
LVL 5

Author Comment

by:wirelessadmin
ID: 17003776
So I need to know how to add PCs with private IPs only.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 17004740
Umm what? I am not sure what you want to do. I don't even understand private and public NAT'ed on the same interface. Normally you have private addresses on one interface (the "inside") and public addresses on another (the "outside"). The firewall will then NAT PRIV-to-PUB when traffic is going from the inside to the outside and PUB-to-PRIV when traffic is coming from the outside to the inside.

If you are trying to do NAT'ing and you have many private IP addresses and only a few public, then you need to either do dynamic 1-to-1 NAT and only a few people (the same number as you have public IP addresses) will be able to get out at once, or you need to do many-to-1 NAT.

My suggestion, and the norm, is to do many-to-one NAT.
0
 
LVL 5

Author Comment

by:wirelessadmin
ID: 17005242
I want 1-to-1 NAT and many-to-1 NAT to run on the same interface.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 17006305
Which model do you have?
0
 
LVL 5

Author Comment

by:wirelessadmin
ID: 17010598
x1000
0
 
LVL 57

Accepted Solution

by:
giltjr earned 500 total points
ID: 17015132
It looks like you just need to enable dynamic NAT.  By default it will dynamically NAT:

     192.168.0.0/16
     172.16.0.0/22
     10.0.0.0/8

I will assume that it will use the IP address of the "outside" interface that it NATs to.  You can find more at:

     http://www.watchguard.com/help/lss/741/WFSHelp.htm
0
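
Added example, not part of the original thread and not WatchGuard code: a small Python model of how the asker's 1-to-1 entry and a dynamic (many-to-1) NAT range can coexist on one interface, and which hosts end up with a fixed, inbound-addressable public IP. The external interface address 203.0.113.1 is a constructed placeholder, and the rule that a 1-to-1 mapping takes precedence over dynamic NAT is an assumption of this sketch.

```python
import ipaddress

# 1-to-1 NAT entry from the question: real (private) address -> public address.
ONE_TO_ONE = {
    ipaddress.ip_address("192.168.1.24"): ipaddress.ip_address("67.132.131.24"),
}

# Dynamic NAT source range: the 192.168.0.0/16 entry from the answer's list,
# which covers the asker's LAN.
DYNAMIC_NAT_SOURCES = [ipaddress.ip_network("192.168.0.0/16")]

# Constructed placeholder: the thread never states the external interface IP.
EXTERNAL_IF_IP = ipaddress.ip_address("203.0.113.1")


def translate_outbound(src):
    """Return (public_source_ip, nat_type) for a packet leaving via External."""
    src = ipaddress.ip_address(src)
    # Assumption: a host with a 1-to-1 mapping is exempt from dynamic NAT,
    # which is what the "Dynamic NAT Exceptions" entry in the question lists.
    if src in ONE_TO_ONE:
        return ONE_TO_ONE[src], "1-to-1"
    if any(src in net for net in DYNAMIC_NAT_SOURCES):
        return EXTERNAL_IF_IP, "dynamic"
    return src, "none"


def translate_inbound(dst):
    """Return the internal host for an unsolicited inbound packet, or None."""
    dst = ipaddress.ip_address(dst)
    for real, public in ONE_TO_ONE.items():
        if dst == public:
            return real
    # Dynamic-NAT hosts share EXTERNAL_IF_IP and have no static inbound mapping.
    return None


def exposure_report(hosts):
    """Map each internal host to its NAT type and inbound addressability."""
    report = {}
    for h in hosts:
        public, kind = translate_outbound(h)
        report[h] = {"public": str(public), "nat": kind,
                     "inbound_addressable": translate_inbound(public) is not None}
    return report


if __name__ == "__main__":
    # Constructed sample: one PC with a 1-to-1 entry, one private-only PC.
    for host, info in exposure_report(["192.168.1.24", "192.168.1.50"]).items():
        print(host, info)
```

Hosts reported as `inbound_addressable` are the ones whose firewall policies need review, since only they have a public address of their own.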

Question has a verified solution.
