[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 255
  • Last Modified:

Firewall IP addressing.

Hi,
Not sure on the answer to this one, so wondered if anyone had any advice;

We currently have a firewall setup where we have an untrust 178.72.*.* ip address and we need to add another collection of external IP addresses, our supplier can't expand our current range as is offering us another bank to add.
178.75.*.*

This is where my question comes in.  We are being asked if we want that as a secondary range or routed to a specific device.
Which would you say is better option?  The additional IP's need to go to different machines the otherside of the firewall.

I run Juniper firewalls here if that cuts down the options.


Kindest regards,

K
0
Emanuel
Asked:
Emanuel
  • 2
  • 2
1 Solution
 
raysonleeCommented:
If those additional IP's (178.75.*.*) are for different machines on the other side of firewall, of course it's better to have your ISP route them to the address of that firewall instead of mixing those with your local machines (178.72.*.*).
0
 
EmanuelAuthor Commented:
Yes they are for different machines.
OK, So do I need to create a new untrust firewall rule that will translate from that IP range?
However this isn't going to be a seperate line, it is going to come in on my single cat5 feed.
0
 
raysonleeCommented:
yes, you need NAT rule defined in your firewall for that IP range. And perhaps you have to protect your local network being accessed from that range of IPs (especially for preventing virus attacks).
You don't need a separate ISP line though. Traffic can route through your existing connection if bandwidth is sufficient for you and the new machines.
0
 
QlemoC++ DeveloperCommented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
 
EmanuelAuthor Commented:
Thats fine.
0

Featured Post

New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now