
Assigning outgoing WAN ip addresses to subnets

I have several subnets in my local network (for subtenants) and some spare IP addresses in my WAN IP class. I would like to change the outgoing public IP address for some of those local subnets (used by subtenant organizations) and let the rest of the subnets use the "default" WAN IP address.

How can I achieve that?



This thread was automatically locked due to age.
  • You need a SNAT Rule ...

    traffic from IP xxx.yyy.zzz.0/24 is SNATed as external IP 2.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • Hello ChrisSoukup,

    Thank you for contacting the Sophos Community!

    Please check out this KB that resolves your query.

    You could also use SNAT to achieve this, but the preferred method is masquerading, from a performance perspective; masquerading is also regular practice.

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    If a post solves your question use the 'Verify Answer' link.
  • Dirk, it's just we old timers that have the habit of using SNAT.  The joke's on us!

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi,

    great article - it's actually exactly the case I have.

    I ordered a second IP class from our ISP (to give our subtenants their own public addresses) and had to create another WAN interface (on a new eth port) with additional interfaces for the rest of the usable IPs in the class.

    The only problem I had was while creating a "policy routes" entry. Setting the field "Destination network" to "Any" obviously invalidated the routing between the internal subnets. I changed the field to "Internet IPv4" but didn't test it yet. We need to keep the internal communication between the subnets running since the subtenants access some services from our main subnet.

    I must admit I was confused in the beginning because of the older "Astaro" wording for menus & fields, so I had to translate them to the current UTM9 interface.

    Thank you for your help!
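
The policy-route behaviour described in the last post, as an added example that is not part of the original thread and is not Sophos UTM's own logic: a small model that checks which internal subnet pairs a policy route would push out a WAN uplink, and which public source address each subnet ends up with. Assumptions: policy routes override the normal routing table, "Internet IPv4" is modelled as any destination outside the internal subnets, and all addresses, subnet names and the `wan1`/`wan2`/`lan` labels are constructed.

```python
import ipaddress as ip

# Constructed addressing: RFC 1918 inside, RFC 5737 documentation ranges outside.
INTERNAL = {
    "main": ip.ip_network("10.0.0.0/24"),
    "tenant_a": ip.ip_network("10.0.10.0/24"),
    "tenant_b": ip.ip_network("10.0.20.0/24"),
}
DEFAULT_WAN_IP = "203.0.113.2"  # address used by every subnet without its own rule
SNAT_RULES = [                  # (source subnet, public source IP on the second uplink)
    (INTERNAL["tenant_a"], "198.51.100.10"),
    (INTERNAL["tenant_b"], "198.51.100.11"),
]

def is_internal(addr):
    return any(addr in net for net in INTERNAL.values())

def policy_routes(dest_spec):
    """Send both tenant subnets to 'wan2'; dest_spec is 'any' or 'internet'."""
    return [(net, dest_spec, "wan2") for net, _ in SNAT_RULES]

def forward(src, dst, routes):
    """Return (egress, source address seen on the wire) for one packet."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    egress = "lan" if is_internal(dst) else "wan1"   # normal routing table
    for src_net, dest_spec, target in routes:        # policy routes override it
        if src in src_net and (dest_spec == "any" or not is_internal(dst)):
            egress = target
            break
    if egress == "lan":
        return egress, str(src)                      # internal traffic is not NATed
    for src_net, public_ip in SNAT_RULES:
        if src in src_net:
            return egress, public_ip
    return egress, DEFAULT_WAN_IP

def broken_internal_paths(routes):
    """Internal subnet pairs whose traffic would be pushed out a WAN uplink."""
    broken = []
    for a, net_a in INTERNAL.items():
        for b, net_b in INTERNAL.items():
            if a != b and forward(net_a[10], net_b[10], routes)[0] != "lan":
                broken.append((a, b))
    return broken

if __name__ == "__main__":
    print("Any:     ", broken_internal_paths(policy_routes("any")))
    print("Internet:", broken_internal_paths(policy_routes("internet")))
    print(forward("10.0.10.5", "192.0.2.80", policy_routes("internet")))
```
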