Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

How do I configure the Optional interface to route internet traffic to my web server

Posted on 2008-10-09
1
Medium Priority
?
998 Views
Last Modified: 2013-11-16
I have a WatchGuard 750E running Fireware Pro v9.1 (routed mode).  I would like to use an optional interface to route traffic to my webserver on the optional network (DMZ). I have 2 External interfaces (a T1 and DSL) setup for failover.  External IPs say T1 - 199.227.140.5/30 and DSL - 209.12.60.2/29.  I have asked for another IP from my T1 provider and received 97.65.40.90/29.  

How do I route traffic to the new public IP, and then to my webserver on the Optional Interface? I understand at least one 1:1 NAT is necessary from the Public IP to the Optional but I am not sure how to do this.  Also not sure how/where to assign the new public IP (Would it be as a secondary network on the External int. or is it set on the optional?)

My trusted interface has an IP 192.168.1.1 and the trusted network is on 192.168.1.0/24 subnet.  I have given the optional interface an IP of 192.168.2.1 and the web server directly connected to the optional interface an IP of 192.168.2.2

I have configured a policy to allow any traffic from Trusted to the Optional and only allow MS SQL Server and DNS from the Optional to the Trusted. This is working although I might tighten it up the security by specifying the webserver IP in the policy.

I have tried adding the second public IP 97.65.40.90/29 as a secondary on the external interface but Fireware tells me it is not valid.  From the manual it seems I would need an xp on the same subnet as 99.227.140.5/30.  When I try 99.227.140.7/30 it still says its invalid.

Any help would be greatly appreciated,

SPacheco
0
Comment
Question by:SergeMis
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 32

Accepted Solution

by:
dpk_wal earned 2000 total points
ID: 22684810
You would need to add address as secondary network; I tried in version 9.0.1 and I am able to configure the IP  97.65.40.90/29.
You can either use static NAT or 1-1 NAT as you wish.

Can you send the sanitized screenshot [blur out two octets of public IP] of the error you receive.

Thank you.
secondaryNet.JPG
0

Featured Post

[Webinar] Lessons on Recovering from Petya

Skyport is working hard to help customers recover from recent attacks, like the Petya worm. This work has brought to light some important lessons. New malware attacks like this can take down your entire environment. Learn from others mistakes on how to prevent Petya like worms.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question