I have 5 public IP addresses from my ISP can I have two firewalls using them?

I have usable 5 public IPs lets say from my ISP.

I currently have an ethernet cable connecting my single Cisco firewall to my ISP's router.

Is it possible for me to plug the ISP router into a switch and then have 2 firewalls also plugged into other ports on the switch and configure one firewall to use part of the public IP range and the other firewall to use the other half?

I have heard this is possible but have never tried. Thanks.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JohnBusiness Consultant (Owner)Commented:
You need a router for each public IP address (or a router with multiple WAN ports). I have clients with multiple IP addresses and I use a router for each connection I need.
Ken BooneNetwork ConsultantCommented:
Yes what you are asking is possible if the public IP address space is sitting between the ISP router and your firewall.  

The scenario would be like this

        IPS router at x.x.x.1
        |                                |
Firewall #1              Firewall #2
x.x.x.2                      x.x.x.4

You can then use say .3 on firewall #1 for something else and .5 on firewall #2 for something else.

This will work without problem.
Thomas GrassiSystems AdministratorCommented:
John is correct

We have a switch after the ISP device.

Then from that switch we can plug in any router device we need to get a separate public address

                                 |                           |                                  |
                             Firewall 1        Firewall2                        Test
This works well  we plug in a Buffalo WiFi Router to the WAN Switch and then we can test WiFi or Lan issues.


yes you can use two firewalls each with a unique ip address from the 5 -address block that you have been assigned. Ie router 1 can have address 172.18.1 15 and router2 can have address

However if you plan to use NAT or PAT to hide your LAN using the public address block given to you , then care should be taken that translated addresses used on the two routers are unique too. Ie router1 and router2 should not be configured to NAT the internal address to the same public address.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
MikeC7Author Commented:
Thanks for the feedback everyone! I will give this a try this week!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware Firewalls

From novice to tech pro — start learning today.