Solved

Configuring a /30 IP block and a /26 IP block

Posted on 2016-08-28
Last Modified: 2016-08-29
Hi,
My ISP gave me a /30 address that is to be used to route my /26 block of IP addresses.

/30 block
3.3.3.3 ISP side
3.3.3.4 my side (Fortigate firewall)

/26 block of addresses
5.5.5.5 /26

Internal network
10.0.0.x

My network is able to browse the internet just fine, with all internet traffic going through the 3.3.3.3 gateway. How do I set up my network to utilize the /26 block of addresses?

Thank you for any suggestions.
0
Question by:lawemcsd
6 Comments
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
ID: 41773635
It depends on the devices before the FortiGate firewall as well as the FortiGate device itself.

1. Please advise the model of your FortiGate device.

2. Please advise whether there is any device using the /26 IPs before the FortiGate firewall, or whether everything is behind or protected by the FortiGate firewall.
0
 
LVL 26

Expert Comment

by:Predrag Jovic
ID: 41773652
How do I setup my network to utilize the /26 block of addresses?
Typically you should create a NAT pool for your IP address range (/26 block) and then just create NAT translation rules so that your private IP address range uses that NAT pool, so traffic gets NATted with that IP address range. The default route is still the same - next hop is 3.3.3.3. The rest is up to the ISP - they need to configure route(s) that will point to your WAN IP address as next hop to reach your /26 block.
0
 

Author Comment

by:lawemcsd
ID: 41773982
Hi, Thanks for the responses.

I'm using a FortiGate 800C, and the /26 addresses would all be behind the firewall.

Do I need to establish a port to act as the gateway for 5.5.5.5? What's ideal?

Thanks
0
 
LVL 26

Assisted Solution

by:Predrag Jovic
Predrag Jovic earned 250 total points
ID: 41774244
/26 address would all be behind the firewall
In that case you don't NAT traffic for those, just create routes (if needed) and that's it (sure, there should be some gateways somewhere :) ). However, I'm not sure about the configuration details on FortiGate.
0
 
LVL 68

Accepted Solution

by:
Qlemo earned 250 total points
ID: 41774645
It depends on what you want to do, but you
either use a DMZ for those /26 addresses, just routing them thru and allowing "interesting" or all traffic
or create port-forwarding for /26 addresses on FortiGate (with appropriate NAT policies allowing traffic) to (private) LAN IPs.

The DMZ has the advantage that traffic is kept separate for public IPs and LAN, and you are able to define granular access rules (policies) for DMZ <=> LAN traffic. DMZ is more secure.
0
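
The DMZ option from the accepted answer, sketched in FortiOS CLI form as an added example (not configuration posted by anyone in this thread). Assumptions: port1 is the WAN on the /30, port2 is the 10.0.0.x LAN (taken as 10.0.0.0/24), port3 is a free port used as the DMZ, the /26 is 5.5.5.0/26 with 5.5.5.1 given to the firewall as the DMZ gateway, and 5.5.5.10 is a hypothetical web server.

```fortios
# Assumed ports: port1 = WAN (/30 link), port2 = LAN (10.0.0.x), port3 = DMZ
config system interface
    edit "port3"
        set alias "DMZ"
        set mode static
        # The firewall takes one /26 address as the DMZ gateway (assumed 5.5.5.1).
        # The connected route for the /26 is created automatically.
        set ip 5.5.5.1 255.255.255.192
        set allowaccess ping
    next
end
config firewall address
    edit "dmz-web01"
        # Hypothetical server that holds a public /26 address directly
        set subnet 5.5.5.10 255.255.255.255
    next
    edit "lan-net"
        set subnet 10.0.0.0 255.255.255.0
    next
end
config firewall policy
    # Internet -> DMZ: routed without NAT, only the published service
    edit 0
        set srcintf "port1"
        set dstintf "port3"
        set srcaddr "all"
        set dstaddr "dmz-web01"
        set action accept
        set schedule "always"
        set service "HTTPS"
        set nat disable
        set logtraffic all
    next
    # LAN -> DMZ: management access only
    edit 0
        set srcintf "port2"
        set dstintf "port3"
        set srcaddr "lan-net"
        set dstaddr "dmz-web01"
        set action accept
        set schedule "always"
        set service "SSH" "HTTPS"
        set logtraffic all
    next
    # No DMZ -> LAN policy is defined, so the implicit deny blocks that direction.
end
```

The existing LAN-to-internet policy with NAT and the default route via 3.3.3.3 stay unchanged; the ISP still has to route the /26 to the firewall's address on the /30.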
 

Author Closing Comment

by:lawemcsd
ID: 41775714
Thanks folks!
0
