Watchguard firebox: public IP addresses behind firewall with as many usable IP addresses as possible

Posted by martinezpt on Server Fault
Published on 2013-10-21T21:16:07Z Indexed on 2013/10/21 21:55 UTC

Our ISP assigned us 16 public IP addresses that we want to assign to hosts behind a Watchguard firebox x750e.

The IP addresses are: x.x.x.176/28 of which x.x.x.177 is the gateway.

The hosts will be running software that needs to be directly assigned the public IP address so 1:1 NAT is not an option.

I found this document that gives examples on how to assign public IP addresses to hosts behind the firewall, using an optional interface: http://www.watchguard.com/help/configuration-examples/public_IP_behind_XTM_configuration_example_(en-US).pdf

However, I can't implement scenario 1 as it won't allow me to use the same subnet on both interfaces. As for scenario 2, splitting the address range into 2 subnets will decrease the usable hosts on the optional interface to 5 (8 - network - broadcast - optional interface IP).

I'm convinced that there must be a better way to address this problem and maximize the number of usable IP addresses but I'm not very familiar with this specific firewall.

Are there any suggestions on how to keep the hosts behind the firewall with public IP addresses while maximizing the usable IP addresses?

Thanks

© Server Fault or respective owner