Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Multiple Public IP's on WAN

Posted on 2007-10-03
8
Medium Priority
?
337 Views
Last Modified: 2013-11-16
Currently we have a firewall that it's transparent mode so the LAN interface has a public IP. We have a range of public IP's in use for various things.

Is it possible to use NAT on this firewall so it only has a public IP address on the outside and a seperate range on the inside which will still be a DMZ? Does it even make a difference to security whether it's a public IP or not (as long as the firewall is configured)
0
Comment
Question by:partymarty84
  • 3
  • 3
  • 2
8 Comments
 
LVL 16

Expert Comment

by:poweruser32
ID: 20008251
you mean use pat where you have 1 public mapped to many internal private ips-yes you can-the only thing is if you have more than 1 web server on the same port you will need the 2 public ips for this
0
 
LVL 1

Author Comment

by:partymarty84
ID: 20008275
No.

We have a range of public IP's that I'd like to put on the external interface of our firewall. Is this possible and sensible?
0
 
LVL 16

Accepted Solution

by:
poweruser32 earned 750 total points
ID: 20008325
well its been done in the past-i dont see any fault in it-usually pat is when you have a shortage of public addresses-you will need to use static 1-1 nat
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 1

Assisted Solution

by:PortableLighting
PortableLighting earned 750 total points
ID: 20008342
As long as you set up your routing configuration to translate the NAT for each of your public IPs correclty it will work. It would be a better practice to use NAT instead of transparent acess.
0
 
LVL 1

Author Comment

by:partymarty84
ID: 20008386
OK so have it setup something like this:

Firewall - External IP - 222.1.1.10
              - Internal IP - 10.0.0.1

1st Server - 10.0.0.2  but NAT would forward on all ports from 222.1.1.9
2nd Server - 10.0.0.3 and NAT would forward on all ports from 222.1.1.4

That would work and be a standard setup?
0
 
LVL 1

Expert Comment

by:PortableLighting
ID: 20008436
Yes, but remeber to only forward ports you want.
Have it "block all" by default and only open ports for the services the server is going to provide.
0
 
LVL 1

Author Comment

by:partymarty84
ID: 20008521
OK Thanks, I've just seen a One-to-One NAT option which i think could be it...i shall do some testing!
0
 
LVL 1

Expert Comment

by:PortableLighting
ID: 20008686
Sure thing, let me know if you have any more Qs.

0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
A 2007 NCSA Cyber Security survey revealed that a mere 4% of the population has a full understanding of firewalls. As business owner, you should be part of that 4% that has a full understanding.
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
With just a little bit of  SQL and VBA, many doors open to cool things like synchronize a list box to display data relevant to other information on a form.  If you have never written code or looked at an SQL statement before, no problem! ...  give i…
Suggested Courses
Course of the Month21 days, 3 hours left to enroll

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question