This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Configure multiple public IP addresses with multiple private IP addresses

Greetings,

I am using Sophos XG 230 firewall with SFOS 17.1.4 MR-4 running. I used to have 5 public IP addresses, each IP was configured on a separate port as DMZ zone and port forwarding was done from the firewall policy (Business Application Rule). Now, we are going to have 15 public IP addresses, but in this case I won't be able to use same scenario because of the physical port limitation in count. I was reading a lot about using alias, but truly speaking it was not so clear in my case.

Let's assume the following:

WAN 10.10.10.14/30
Servers network 192.168.1.0/24
Public IP addresses network 10.10.11.15/28

What is the best way to configure those 15 servers with my 15 public IP addresses and keep everything secure?

Regards,

This thread was automatically locked due to age.

Parents

0 LuCar Toni over 6 years ago

Hi,

Alias are simple "one top" IP Addresses on an Interface.

https://community.sophos.com/kb/en-us/123095

https://community.sophos.com/kb/en-us/126541

There you will find couple of information about this.
Cancel
Vote Up 0 Vote Down

Cancel
0 dbachour over 6 years ago in reply to LuCar Toni
Greetings,

According to the links, I should do the following (For an example):

I will have two servers with the following IP addresses:

Private: 192.168.1.10, 192.168.1.11

Public: 10.10.11.10, 10.10.11.11

I need to create two aliases for the public IP addresses and choose WAN interface for them (10.10.10.14)

Physically, I will be using 1 LAN port and 1 WAN port. But, my question here is the Zone as well. Should I use an extra Ethernet Port for DMZ and assign an IP from my servers network (192.168.1.200 for example), or how to do it?

Regards,
Cancel
Vote Up 0 Vote Down

Cancel
0 rfcat_vk over 6 years ago in reply to dbachour

Unless in bridge mode each port needs its own address range, so when you create you DMZ it will have a 192.168.99.1 for example. You would assign the aliases to the external interface (WAN) and use business rules to provide access to the servers regardless of which network they (LAN type) are in.

Ian
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 rfcat_vk over 6 years ago in reply to dbachour

Unless in bridge mode each port needs its own address range, so when you create you DMZ it will have a 192.168.99.1 for example. You would assign the aliases to the external interface (WAN) and use business rules to provide access to the servers regardless of which network they (LAN type) are in.

Ian
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data