Solved

How do I configure the Optional interface to route internet traffic to my web server

Posted on 2008-10-09
1
992 Views
Last Modified: 2013-11-16
I have a WatchGuard 750E running Fireware Pro v9.1 (routed mode).  I would like to use an optional interface to route traffic to my webserver on the optional network (DMZ). I have 2 External interfaces (a T1 and DSL) setup for failover.  External IPs say T1 - 199.227.140.5/30 and DSL - 209.12.60.2/29.  I have asked for another IP from my T1 provider and received 97.65.40.90/29.  

How do I route traffic to the new public IP, and then to my webserver on the Optional Interface? I understand at least one 1:1 NAT is necessary from the Public IP to the Optional but I am not sure how to do this.  Also not sure how/where to assign the new public IP (Would it be as a secondary network on the External int. or is it set on the optional?)

My trusted interface has an IP 192.168.1.1 and the trusted network is on 192.168.1.0/24 subnet.  I have given the optional interface an IP of 192.168.2.1 and the web server directly connected to the optional interface an IP of 192.168.2.2

I have configured a policy to allow any traffic from Trusted to the Optional and only allow MS SQL Server and DNS from the Optional to the Trusted. This is working although I might tighten it up the security by specifying the webserver IP in the policy.

I have tried adding the second public IP 97.65.40.90/29 as a secondary on the external interface but Fireware tells me it is not valid.  From the manual it seems I would need an xp on the same subnet as 99.227.140.5/30.  When I try 99.227.140.7/30 it still says its invalid.

Any help would be greatly appreciated,

SPacheco
0
Comment
Question by:SergeMis
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 32

Accepted Solution

by:
dpk_wal earned 500 total points
ID: 22684810
You would need to add address as secondary network; I tried in version 9.0.1 and I am able to configure the IP  97.65.40.90/29.
You can either use static NAT or 1-1 NAT as you wish.

Can you send the sanitized screenshot [blur out two octets of public IP] of the error you receive.

Thank you.
secondaryNet.JPG
0

Featured Post

Everything You Need to Know about Petya 2.0

Get an overview of the what, when and how of Petya 2.0  from our threat analyst Marc Labilerte, as well as a look at how WatchGuard Total Security Suite protected our customers from the recent attack!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question