• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 314
  • Last Modified:

Configuring a /30 IP block and a /26 IP block

Hi,
My ISP gave me a /30 address that is to be used to route my /26 block of IP addresses.

/30 block
3.3.3.3 ISP side
3.3.3.4 my side (Fortigate firewall)

/26 block of addresses
5.5.5.5 /26

Internal network
10.0.0.x

My network is able to browse the internet just fine, with all internet traffic going through the 3.3.3.3 gateway.  How do I setup my network to utilize the /26 block of addresses?

Thank you for any suggestions.
0
lawemcsd
Asked:
lawemcsd
2 Solutions
 
bbaoIT ConsultantCommented:
it depends on the devices before the FortiGate firewall as well as the FortiGate device itself.

1. please advise your the model of your FortiGate device.

2. please advise if there is any device to use the /26 IPs before the FortiGate firewall, or everything is behind or protected by the FortiGate firewall?
0
 
PredragNetwork EngineerCommented:
How do I setup my network to utilize the /26 block of addresses?
Typically you should create Nat pool for your IP address range (/26 block) and then just create NAT translation rules that your private IP address range use that nat pool, so traffic gets natted with that IP address range. Default route is still the same - next hop is 3.3.3.3. The rest is up to ISP - they need to configure route(s) that will  point to your WAN ip address as next hop to reach your /26 block.
0
 
lawemcsdAuthor Commented:
Hi, Thanks for the responses.

I'm using a Fortigate 800c. And the /26 address would all be behind the firewall.  

Do I need to establish a port to  act as the gateway for 5.5.5.5?  What's ideal?

Thanks
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
PredragNetwork EngineerCommented:
/26 address would all be behind the firewall
In that case you don't NAT traffic for those, just create routes (if needed) and that's it (sure ther should be some gateways somewhere :) ). However, not sure for configuration details on Fortigate.
0
 
QlemoC++ DeveloperCommented:
It depends on what you want to do, but you
either use a DMZ for those /26 addresses, just routing them thru and allowing "interesting" or all traffic
or create port-forwarding for /26 addresses on FortiGate (with appropriate NAT policies allowing traffic) to (private) LAN IPs.

The DMZ has the advantage that traffic is kept separate for public IPs and LAN, and you are able to define granular access rules (policies) for DMZ <=> LAN traffic. DMZ is more secure.
0
 
lawemcsdAuthor Commented:
Thanks folks!
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now