LuiLui77
asked on
Why is my external IP the outside interface of my firewall instead of the interface of my main WAN router?
Hello All,
I have a firewall on my network which resides right after my main WAN router (coming from the outside) or before my main WAN router (If you look at it from the inside). When I lookup my external IP in the internet, it shows me the configured IP of the outside interface of my firewall instead of the outside interface of my main WAN router.
Why is this?
Any help on clarifying this will be greatly appreciated!
Thanks.
I have a firewall on my network which resides right after my main WAN router (coming from the outside) or before my main WAN router (If you look at it from the inside). When I lookup my external IP in the internet, it shows me the configured IP of the outside interface of my firewall instead of the outside interface of my main WAN router.
Why is this?
Any help on clarifying this will be greatly appreciated!
Thanks.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
LockDown32
That is pretty much standard assuming you don't use or do any programming to the WAN Router. It doesn't have to be Bridge Mode (I wish Comcast would let that happen) but you really shouldn't be using it for much.
ASKER
Thank you!
Now, how about if I have a Ciso router as a main WAN router which is managed and its programed to talk to the ISP directly?
Now, how about if I have a Ciso router as a main WAN router which is managed and its programed to talk to the ISP directly?
If the Cisco is the WAN router given this setup: Office LAN -> Firewall -> WAN Router
Then, yes, it would probably be fine and setup in bridge mode or passthrough mode. This is a good practice since it avoids something called "Double NAT'ing" which is a pain.
Managed really doesn't matter, that just means that your ISP takes care of the router configuration for you. ...so they set it up in bridge mode.
Then, yes, it would probably be fine and setup in bridge mode or passthrough mode. This is a good practice since it avoids something called "Double NAT'ing" which is a pain.
Managed really doesn't matter, that just means that your ISP takes care of the router configuration for you. ...so they set it up in bridge mode.
Hi There,
The PAT in your case is defined for LAN subnet at the firewall level.
The edge router would not be involved in any NAT for the traffic incoming towards it and would be responsible to route the packet with the source as the firewall PAT IP towards the destination.
The PAT in your case is defined for LAN subnet at the firewall level.
The edge router would not be involved in any NAT for the traffic incoming towards it and would be responsible to route the packet with the source as the firewall PAT IP towards the destination.
When you are assigned a block of IPs from your service provider, you also get two different IP addresses. One you assign to your router's outside interface and second you configure as the default route. These different IP's are used by ISP to route traffic to your assigned block of IPs.
ASKER
Thanks Tim!