Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 40 subscribers
  • Views 5582 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to configure firewall for server with public IP?

HelgeP

Hi,

I have a few public IP adresses and I want to use just one IP for a server behind port3 of the XG86 firewall. port2 should be WAN and  port1 is used to manage the firewall.
I don't want to assign the firewall any public IP, it only should have assigned private IPs.
The traffic of the server behind port3 should of course be filtered by the firewall itself.

I have already tried a WAN(port2)-DMZ(port3) bridge with a private IP, but the server behind port3 didn't get any internet access with that configuration.

Does anyone have any idea how to set this up correctly?


Best regards,

Helge P.



This thread was automatically locked due to age.
  • 0

    Hello  

    If you have configure bridge between WAN(port2)-DMZ(port3), you will still need DMZ to WAN firewall rule without any NAT policy.

    and assign public IP address manually to your server.

    Further the line: "I don't want to assign the firewall any public IP, it only should have assigned private IPs." is confusing because for other users(apart from server) in network, how do you provide internet access?

    Hardik R 
    If a post solves your question use the 'Verify Answer' link.

  • 0 in reply to Hardik_R

    Hi Hardik_R,

    thank you for your answer. There is and there will be only one server behind the firewall.

    I have added a firewall rule for dmz to wan (without nat), but I cannot get it working with only private IP on the bridge.

    When I assign the bridge a public IP, the server behind gets internet access, but I don't want the firewall to have any public IP.

    Have I configured something wrong?

     

    Best Regards,

    Helge P

  • 0 in reply to HelgeP

    Hi,

    the firewall will need a public IP address on its external interface to enable firmware updates for IPS, ant-virus etc.

    What do you have between the XG and the internet?

    Ian

    XG115W - v20.0.3 MR-3 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    Hi,

    attached you will find a network diagram how I want to configure the XG to act as a firewall only.
    With a seperate out of band management port, which is configured with a private IP.

    Through the same private IP the XG is able to reach the internet over a gateway.
    The point is to get the XG not to route between IPs, it just should forward traffic between port2 and port3 with the ability of blocking certain Ports.


    Best Regards,

    Helge P

  • 0 in reply to HelgeP

    Hi,

    so if you do a what is my ip what is returned?
    ian

    XG115W - v20.0.3 MR-3 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    Hi,

    I don't get your question, because it has nothing to do with the configuration.

     

    Best regards,

    Helge P.

Unfiltered HTML