Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1001
  • Last Modified:

How do I configure the Optional interface to route internet traffic to my web server

I have a WatchGuard 750E running Fireware Pro v9.1 (routed mode).  I would like to use an optional interface to route traffic to my webserver on the optional network (DMZ). I have 2 External interfaces (a T1 and DSL) setup for failover.  External IPs say T1 - 199.227.140.5/30 and DSL - 209.12.60.2/29.  I have asked for another IP from my T1 provider and received 97.65.40.90/29.  

How do I route traffic to the new public IP, and then to my webserver on the Optional Interface? I understand at least one 1:1 NAT is necessary from the Public IP to the Optional but I am not sure how to do this.  Also not sure how/where to assign the new public IP (Would it be as a secondary network on the External int. or is it set on the optional?)

My trusted interface has an IP 192.168.1.1 and the trusted network is on 192.168.1.0/24 subnet.  I have given the optional interface an IP of 192.168.2.1 and the web server directly connected to the optional interface an IP of 192.168.2.2

I have configured a policy to allow any traffic from Trusted to the Optional and only allow MS SQL Server and DNS from the Optional to the Trusted. This is working although I might tighten it up the security by specifying the webserver IP in the policy.

I have tried adding the second public IP 97.65.40.90/29 as a secondary on the external interface but Fireware tells me it is not valid.  From the manual it seems I would need an xp on the same subnet as 99.227.140.5/30.  When I try 99.227.140.7/30 it still says its invalid.

Any help would be greatly appreciated,

SPacheco
0
SergeMis
Asked:
SergeMis
1 Solution
 
dpk_walCommented:
You would need to add address as secondary network; I tried in version 9.0.1 and I am able to configure the IP  97.65.40.90/29.
You can either use static NAT or 1-1 NAT as you wish.

Can you send the sanitized screenshot [blur out two octets of public IP] of the error you receive.

Thank you.
secondaryNet.JPG
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now