asked on

External IP Range split between to interfaces or devices

Hello,

I currently have a usual internet setup, with a block of external ip address on the internet connection and then my watchguard nats various external ip addresses to internal resources eg webserver, exchange server etc.

I now have the requirement that i need to have a mitel teleworker server on an external IP address that is not nated. It has to be actually on the internet.

Can you give me any advice the best way to do so. I thought about breaking the internet connection between the internet router and the watchguard firewall puting a switch inbetween and give the teleworker an ip address in that external range, and the default gateway would be the internet router?

thanks

Phil

dpk_wal

That is a possible solution to put the teleworker server directly on the internet with no firewall protection; another solution which can be implemented is to configure FB in drop-in mode and then put teleworker server behind it.
With FB in drop-in mode all interfaces of FB would have one single IP address and FB would not do NAT for any network. For existing network for which FB does NAT, we would add secondary network with specific IP subnet on the specific interfaces, and FB would do NAT for secondary networks.
We can now have teleworker server behind WG with a public IP [please ensure that this IP is not used by any 1-1 NAT settings or aliases in WG configuration] and have complete firewall protection for teleworker server.
If needed we can open ANY server from specific external IP to teleworker server, so there would be no NAT and so to say no firewall between the configured addresses.

Please let know if you need more details.

Thank you.

philipfarnes

ASKER

We ended up using drop-in mode

thanks

ASKER CERTIFIED SOLUTION

dpk_wal

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial