Solved

Configuring a /30 IP block and a /26 IP block

Posted on 2016-08-28
6
184 Views
Last Modified: 2016-08-29
Hi,
My ISP gave me a /30 address that is to be used to route my /26 block of IP addresses.

/30 block
3.3.3.3 ISP side
3.3.3.4 my side (Fortigate firewall)

/26 block of addresses
5.5.5.5 /26

Internal network
10.0.0.x

My network is able to browse the internet just fine, with all internet traffic going through the 3.3.3.3 gateway.  How do I setup my network to utilize the /26 block of addresses?

Thank you for any suggestions.
0
Comment
Question by:lawemcsd
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 37

Expert Comment

by:bbao
ID: 41773635
it depends on the devices before the FortiGate firewall as well as the FortiGate device itself.

1. please advise your the model of your FortiGate device.

2. please advise if there is any device to use the /26 IPs before the FortiGate firewall, or everything is behind or protected by the FortiGate firewall?
0
 
LVL 29

Expert Comment

by:Predrag Jovic
ID: 41773652
How do I setup my network to utilize the /26 block of addresses?
Typically you should create Nat pool for your IP address range (/26 block) and then just create NAT translation rules that your private IP address range use that nat pool, so traffic gets natted with that IP address range. Default route is still the same - next hop is 3.3.3.3. The rest is up to ISP - they need to configure route(s) that will  point to your WAN ip address as next hop to reach your /26 block.
0
 

Author Comment

by:lawemcsd
ID: 41773982
Hi, Thanks for the responses.

I'm using a Fortigate 800c. And the /26 address would all be behind the firewall.  

Do I need to establish a port to  act as the gateway for 5.5.5.5?  What's ideal?

Thanks
0
How Do You Stack Up Against Your Peers?

With today’s modern enterprise so dependent on digital infrastructures, the impact of major incidents has increased dramatically. Grab the report now to gain insight into how your organization ranks against your peers and learn best-in-class strategies to resolve incidents.

 
LVL 29

Assisted Solution

by:Predrag Jovic
Predrag Jovic earned 250 total points
ID: 41774244
/26 address would all be behind the firewall
In that case you don't NAT traffic for those, just create routes (if needed) and that's it (sure ther should be some gateways somewhere :) ). However, not sure for configuration details on Fortigate.
0
 
LVL 69

Accepted Solution

by:
Qlemo earned 250 total points
ID: 41774645
It depends on what you want to do, but you
either use a DMZ for those /26 addresses, just routing them thru and allowing "interesting" or all traffic
or create port-forwarding for /26 addresses on FortiGate (with appropriate NAT policies allowing traffic) to (private) LAN IPs.

The DMZ has the advantage that traffic is kept separate for public IPs and LAN, and you are able to define granular access rules (policies) for DMZ <=> LAN traffic. DMZ is more secure.
0
 

Author Closing Comment

by:lawemcsd
ID: 41775714
Thanks folks!
0

Featured Post

Building an interactive eFuture classroom

Watch and learn how ATEN provided a total control system solution including seamless switching matrix switch, HDBaseT extenders, PDU, lighting control to build an interactive eFuture classroom.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is a step by step guide on how to create a basic PTP link using Ubiquiti airOS devices. This guide can be used on the following Ubiquiti AirMAX devices. Nanostation, Bullets, AirBridge, Nanobeam, NanoBridge to name a few. Please review …
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question