Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

1 ISP WAN, 18 ISP LAN addresses - how to I setup a port for an edge router to go out ISP LAN IP

We have 1 WAN IP from our ISP

18 LAN IPs from the ISP

Current setup is one CAT6 from ISP to Sophos Firewall. Firewall has the 1 WAN IP interface setup for internet

We need a port enabled for on the firewall for a Vendor router to use one of the LAN IPs from the ISP.

We want all of this traffic separate from our network.

What is the best way to go about this?

Thank you in advance!

Added TAGs
[edited by: Erick Jan at 12:47 AM (GMT -7) on 16 Apr 2024]
Parents Reply
  • Hi   what you are trying to do is a transparent subnet gateway. The XG can do it, but it's not as clean as other vendors do it. Here is the link.

    Option 2, and the easiest solution, would be to put a small switch in between your ISP handoff and your Sophos Firewall. You can then let your vendor plug into the small switch as well and use a public IP (LAN IP) from your ISP block they have assigned you.

    In either case of using transparent subnets or using a small switch, the traffic would be separated. 

    Also, ISP's call them LAN IP's, but they are WAN IP's 99% of the time. They just refer to them as LAN because they are typically assigned to the LAN interface of the CPE device they install. They are LAN in the big picture to them, but are WAN to you since that would be your public IP block, unless they use CGNAT, which is another topic.

    Let me know if you need anymore help.