Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 344
  • Last Modified:

Configuring a /30 IP block and a /26 IP block

Hi,
My ISP gave me a /30 address that is to be used to route my /26 block of IP addresses.

/30 block
3.3.3.3 ISP side
3.3.3.4 my side (Fortigate firewall)

/26 block of addresses
5.5.5.5 /26

Internal network
10.0.0.x

My network is able to browse the internet just fine, with all internet traffic going through the 3.3.3.3 gateway.  How do I setup my network to utilize the /26 block of addresses?

Thank you for any suggestions.
0
lawemcsd
Asked:
lawemcsd
2 Solutions
 
bbaoIT ConsultantCommented:
it depends on the devices before the FortiGate firewall as well as the FortiGate device itself.

1. please advise your the model of your FortiGate device.

2. please advise if there is any device to use the /26 IPs before the FortiGate firewall, or everything is behind or protected by the FortiGate firewall?
0
 
JustInCaseNetwork EngineerCommented:
How do I setup my network to utilize the /26 block of addresses?
Typically you should create Nat pool for your IP address range (/26 block) and then just create NAT translation rules that your private IP address range use that nat pool, so traffic gets natted with that IP address range. Default route is still the same - next hop is 3.3.3.3. The rest is up to ISP - they need to configure route(s) that will  point to your WAN ip address as next hop to reach your /26 block.
0
 
lawemcsdAuthor Commented:
Hi, Thanks for the responses.

I'm using a Fortigate 800c. And the /26 address would all be behind the firewall.  

Do I need to establish a port to  act as the gateway for 5.5.5.5?  What's ideal?

Thanks
0
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

 
JustInCaseNetwork EngineerCommented:
/26 address would all be behind the firewall
In that case you don't NAT traffic for those, just create routes (if needed) and that's it (sure ther should be some gateways somewhere :) ). However, not sure for configuration details on Fortigate.
0
 
QlemoBatchelor, Developer and EE Topic AdvisorCommented:
It depends on what you want to do, but you
either use a DMZ for those /26 addresses, just routing them thru and allowing "interesting" or all traffic
or create port-forwarding for /26 addresses on FortiGate (with appropriate NAT policies allowing traffic) to (private) LAN IPs.

The DMZ has the advantage that traffic is kept separate for public IPs and LAN, and you are able to define granular access rules (policies) for DMZ <=> LAN traffic. DMZ is more secure.
0
 
lawemcsdAuthor Commented:
Thanks folks!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now