Solved

How do I configure the Optional interface to route internet traffic to my web server

Posted on 2008-10-09
1
981 Views
Last Modified: 2013-11-16
I have a WatchGuard 750E running Fireware Pro v9.1 (routed mode).  I would like to use an optional interface to route traffic to my webserver on the optional network (DMZ). I have 2 External interfaces (a T1 and DSL) setup for failover.  External IPs say T1 - 199.227.140.5/30 and DSL - 209.12.60.2/29.  I have asked for another IP from my T1 provider and received 97.65.40.90/29.  

How do I route traffic to the new public IP, and then to my webserver on the Optional Interface? I understand at least one 1:1 NAT is necessary from the Public IP to the Optional but I am not sure how to do this.  Also not sure how/where to assign the new public IP (Would it be as a secondary network on the External int. or is it set on the optional?)

My trusted interface has an IP 192.168.1.1 and the trusted network is on 192.168.1.0/24 subnet.  I have given the optional interface an IP of 192.168.2.1 and the web server directly connected to the optional interface an IP of 192.168.2.2

I have configured a policy to allow any traffic from Trusted to the Optional and only allow MS SQL Server and DNS from the Optional to the Trusted. This is working although I might tighten it up the security by specifying the webserver IP in the policy.

I have tried adding the second public IP 97.65.40.90/29 as a secondary on the external interface but Fireware tells me it is not valid.  From the manual it seems I would need an xp on the same subnet as 99.227.140.5/30.  When I try 99.227.140.7/30 it still says its invalid.

Any help would be greatly appreciated,

SPacheco
0
Comment
Question by:SergeMis
1 Comment
 
LVL 32

Accepted Solution

by:
dpk_wal earned 500 total points
ID: 22684810
You would need to add address as secondary network; I tried in version 9.0.1 and I am able to configure the IP  97.65.40.90/29.
You can either use static NAT or 1-1 NAT as you wish.

Can you send the sanitized screenshot [blur out two octets of public IP] of the error you receive.

Thank you.
secondaryNet.JPG
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

25 Experts available now in Live!

Get 1:1 Help Now