Solved

How do I configure the Optional interface to route internet traffic to my web server

Posted on 2008-10-09
1
987 Views
Last Modified: 2013-11-16
I have a WatchGuard 750E running Fireware Pro v9.1 (routed mode).  I would like to use an optional interface to route traffic to my webserver on the optional network (DMZ). I have 2 External interfaces (a T1 and DSL) setup for failover.  External IPs say T1 - 199.227.140.5/30 and DSL - 209.12.60.2/29.  I have asked for another IP from my T1 provider and received 97.65.40.90/29.  

How do I route traffic to the new public IP, and then to my webserver on the Optional Interface? I understand at least one 1:1 NAT is necessary from the Public IP to the Optional but I am not sure how to do this.  Also not sure how/where to assign the new public IP (Would it be as a secondary network on the External int. or is it set on the optional?)

My trusted interface has an IP 192.168.1.1 and the trusted network is on 192.168.1.0/24 subnet.  I have given the optional interface an IP of 192.168.2.1 and the web server directly connected to the optional interface an IP of 192.168.2.2

I have configured a policy to allow any traffic from Trusted to the Optional and only allow MS SQL Server and DNS from the Optional to the Trusted. This is working although I might tighten it up the security by specifying the webserver IP in the policy.

I have tried adding the second public IP 97.65.40.90/29 as a secondary on the external interface but Fireware tells me it is not valid.  From the manual it seems I would need an xp on the same subnet as 99.227.140.5/30.  When I try 99.227.140.7/30 it still says its invalid.

Any help would be greatly appreciated,

SPacheco
0
Comment
Question by:SergeMis
1 Comment
 
LVL 32

Accepted Solution

by:
dpk_wal earned 500 total points
ID: 22684810
You would need to add address as secondary network; I tried in version 9.0.1 and I am able to configure the IP  97.65.40.90/29.
You can either use static NAT or 1-1 NAT as you wish.

Can you send the sanitized screenshot [blur out two octets of public IP] of the error you receive.

Thank you.
secondaryNet.JPG
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

790 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question