
Multiple public IP blocks

I have just one internet service provider. From this ISP I have 3 blocks of public IP addresses, which means 3 different gateway addresses.

On the XG firewall I ended up creating 3 WAN interfaces - one for each Public block of IPs where one IP from each block is the gateway.

So now on XG network > WAN Link Manager I have 3 IPv4 Gateways.

I've been creating NAT rules for websites that fall into each of the 3 IP blocks so I know the IPs are working.

However any time I go to the WAN Link Manager page in XG, it always shows a green dot next to gateway 1 but gateways 2 and 3 always have a red dot. Why does XG tell me the gateways are "down"?

From outside, I am able to ping the 3 gateway IPs and as I mentioned, there are public IPs within each subnet that are fully functional.

(And by the way, is there another way to get multiple blocks of public IPs into a single interface? From what I can tell XG will let you do this, but you can only have one gateway address. Doesn't the gateway address need to be one of the IPs in the (/27 for example) block?)

  • In this situation we ask the ISP to route the additional subnets behind the first (mostly).
    So we can use the second / third subnet within the DMZ behind SG or XG or another FW.
    How do you connect the 3 subnets? There are different options where the interfaces are using the same L2 network and the gateways have the same MAC address. This may create effects or problems ...


    Dirk

    Sophos Solution Partner since 2003
    If a post solves your question click the 'Verify Answer' link.

  • Since there are additional ports on the front of the XG, I used the pre-configured WAN port and called it Gateway1.  Then took 2 more ports, configured them as WAN ports and I assigned one IP from each block, to each of the 3 WAN ports. So WAN port 1 has an IP address from public IP block 1. WAN port 2 has a public IP address from public IP block 2, and WAN port 3 has a public IP address from public IP block 3.  Then on the Configure > Network > WAN Link Manager I created 3 gateways. Each gateway is the gateway IP from each of the 3 blocks. Since all 3 blocks come from the same ISP I am not necessarily looking to create any sort of failover. Instead what I want is the ability to use all of the public IPs in each of the 3 IP blocks.  I have already allocated a handful of IPs from each block to point to public websites and servers and as far as I can tell, those servers never go offline. Yet the XG constantly sends me automated emails telling me Gateway 2 is down, Gateway 3 is down. And maybe 4-5 hours later an email telling me they are up.  It happens all day long.  Maybe I was not supposed to set it up this way but how else can I program all of the IPs from all 3 blocks into the firewall?
