Assigning outgoing WAN IP addresses to subnets

I have several subnets in my local network (for subtenants) and some spare IP addresses in my WAN IP class. I would like to change the outgoing public IP address for some of those local subnets (used by subtenant organizations) and let the rest of the subnets use the "default" WAN IP address.

How can I achieve that?

  • Hello ChrisSoukup,

    Thank you for contacting the Sophos Community!

    Please check out this KB that resolves your query.

    You could also use SNAT to achieve this, but the preferred method is masquerading from a performance perspective; masquerading is also regular practice.

    Regards,


     
    Emmanuel (EmmoSophos)
    Community Support Engineer | Sophos Technical Support
  • Hi,

    great article - it's actually exactly the case I have.

    I ordered a second IP class from our ISP (to give our subtenants their own public addresses) and had to create another WAN interface (on a new eth port) with additional-interfaces for the rest of the usable IPs in the class.

    The only problem I had was while creating a "policy routes" entry. Setting the field "Destination network" to "Any" obviously invalidated the routing between the internal subnets. I changed the field to "Internet IPv4" but didn't test it yet. We need to keep the internal communication between the subnets running since the subtenants access some services from our main subnet.

    I must admit I was confused in the beginning because of the older "astaro" wording for menus & fields, so I had to translate them to the current UTM9 interface.

    Thank you for your help!
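
The failure described in the post above (a policy route with destination "Any" also catching traffic between internal subnets) can be checked for before a rule set is deployed. The following is an added example, not part of the original thread and not Sophos code: it uses a simplified model in which a policy route is a (source, destinations, gateway) tuple, and all addresses and function names are constructed for illustration.

```python
import ipaddress as ip

# Constructed sample addressing (not taken from the thread).
INTERNAL = [ip.ip_network(n) for n in ("10.0.0.0/24", "10.0.10.0/24", "10.0.20.0/24")]
MAIN, TENANT_A, TENANT_B = INTERNAL
ANY = [ip.ip_network("0.0.0.0/0")]
GW = "198.51.100.1"  # constructed gateway of the second uplink (documentation range)


def outside(internal):
    """Return the IPv4 space minus the internal subnets, as a list of networks."""
    remaining = list(ANY)
    for net in internal:
        nxt = []
        for block in remaining:
            if net.subnet_of(block):
                # Split the containing block around the internal subnet.
                nxt.extend(block.address_exclude(net))
            else:
                nxt.append(block)
        remaining = nxt
    return remaining


def captured_internal_flows(policy_routes, internal):
    """List (source, destination, gateway) for internal-to-internal traffic
    that a policy route would hand to its gateway instead of routing locally."""
    hits = []
    for src_net, dst_nets, gateway in policy_routes:
        for src in internal:
            if not src.overlaps(src_net):
                continue
            for dst in internal:
                if dst != src and any(dst.overlaps(d) for d in dst_nets):
                    hits.append((str(src), str(dst), gateway))
    return hits


# Hypothetical rule sets: tenant A leaves via the second uplink.
route_any = [(TENANT_A, ANY, GW)]                    # destination "Any"
route_scoped = [(TENANT_A, outside(INTERNAL), GW)]   # destination excludes internal ranges

if __name__ == "__main__":
    print("destination Any:   ", captured_internal_flows(route_any, INTERNAL))
    print("destination scoped:", captured_internal_flows(route_scoped, INTERNAL))
```

The scoped destination here is computed explicitly; how a particular firewall defines its built-in "Internet" network object is not assumed by this model.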
