Watchguard firebox: public IP addresses behind firewall with as many usable IP addresses as possible
Posted by martinezpt on Server Fault
Published on 2013-10-21T21:16:07Z
Our ISP assigned us 16 public IP addresses that we want to assign to hosts behind a Watchguard firebox x750e.
The IP addresses are: x.x.x.176/28 of which x.x.x.177 is the gateway.
The hosts will be running software that needs to be directly assigned the public IP address, so 1:1 NAT is not an option.
I found this document that gives examples on how to assign public IP addresses to hosts behind the firewall, using an optional interface: http://www.watchguard.com/help/configuration-examples/public_IP_behind_XTM_configuration_example_(en-US).pdf
However, I can't implement scenario 1 as it won't allow me to use the same subnet on both interfaces. As for scenario 2, splitting the address range into 2 subnets will decrease the usable hosts on the optional interface to 5 (8 - network - broadcast - optional interface IP).
I'm convinced that there must be a better way to address this problem and maximize the number of usable IP addresses, but I'm not very familiar with this specific firewall.
Are there any suggestions on how to keep the hosts behind the firewall with public IP addresses while maximizing the usable IP addresses?
Thanks