External IP to optional port

[kwelipatton]

I have a watchguard x750e I have 24 or so address given to my from my ISP I have some of them applied to the external nic as secondary address's I want to give a server an external ip can I use one of the optional interfaces for that?

Thanks for any help you can provide.

 

[hairlessupportmonkey]

Of course.

So if you want to create a DMZ on an optional port for your server, you then use 1 to 1 NAT (under NAT) to assign one of your IPs to that device.

Then in your policies, create the appropriate rules to allow traffic either from the outside in such as Web (policy would be Any external to your public IP you assigned under NAT) and also rules from trusted to optional. careful there though. if your intention is to snadbox say a web server then only allow traffic to gain access to your web server. The intention might be to isolate your trusted from your public services. This is called network segmentation.

ACSS - SME
General Geek

 

[hairlessupportmonkey]

P.S - time to retire that x750e. I would be inclined to replace it with an XTM 330 or 500 series depending on budget.

ACSS - SME
General Geek

 

[kwelipatton]

So in the config for optional interface do I need to add the external address? or leave it as a secondary address on the external interface.

I follow you on the one to one config the above portion im a bit confused about.


thanks for your help.

 

[hairlessupportmonkey]

No, if your server is already on your trusted network, remove the secondary IP off the external and add it into 1 to 1 NAT

The apply policies as required.

no need to configure optional ports


ACSS - SME
General Geek