How do I configure the Optional interface to route internet traffic to my web server
Posted on 2008-10-09
I have a WatchGuard 750E running Fireware Pro v9.1 (routed mode). I would like to use an optional interface to route traffic to my webserver on the optional network (DMZ). I have 2 External interfaces (a T1 and DSL) setup for failover. External IPs say T1 - 126.96.36.199/30 and DSL - 188.8.131.52/29. I have asked for another IP from my T1 provider and received 184.108.40.206/29.
How do I route traffic to the new public IP, and then to my webserver on the Optional Interface? I understand at least one 1:1 NAT is necessary from the Public IP to the Optional but I am not sure how to do this. Also not sure how/where to assign the new public IP (Would it be as a secondary network on the External int. or is it set on the optional?)
My trusted interface has an IP 192.168.1.1 and the trusted network is on 192.168.1.0/24 subnet. I have given the optional interface an IP of 192.168.2.1 and the web server directly connected to the optional interface an IP of 192.168.2.2
I have configured a policy to allow any traffic from Trusted to the Optional and only allow MS SQL Server and DNS from the Optional to the Trusted. This is working although I might tighten it up the security by specifying the webserver IP in the policy.
I have tried adding the second public IP 220.127.116.11/29 as a secondary on the external interface but Fireware tells me it is not valid. From the manual it seems I would need an xp on the same subnet as 18.104.22.168/30. When I try 22.214.171.124/30 it still says its invalid.
Any help would be greatly appreciated,