Jerlin
Explorer

Configure two public IP with ClusterXL

We are running GAIA 77.30 with two FWs that are configured in a cluster and act in active-standby mode. We have two ISPs connected to the firewall through our Internet routers, which are managed by us. Both ISPs provided a public /30 subnet that is used to connect the ISPs to our routers. They also provided a public /29 subnet for our internal use. The firewall connections are described below.

  • Eth1 on both FW connected to ISP1 with cluster IP say AA.AA.AA.01/29 (Public IP)
  • Eth2 on both FW connected to ISP2 with cluster IP say BB.BB.BB.01/29 (Public IP)
  • Eth3 on both FW connected to DMZ with cluster IP 17.16.10.1/24
  • Eth2 on both FW connected to LAN segment with cluster IP 17.16.11.1/24
  • Eth4 on both FW connected between the firewalls for SYNC.

ISP1's LAN public IP pool is almost used up, and they have provided a new, different public IP subnet (say dd.dd.dd.0/29) for further use. Please guide me on how to configure the same. The network diagram is given below.

[Network diagram: FW.jpg]


Accepted Solutions
PhoneBoy
Admin
If you're going to use this new subnet for NAT purposes only, no specific routes are required on the gateway.
This assumes the upstream router is configured to send that subnet to your gateways.
4 Replies
_Val_
Admin

What you are looking for is called "ISP redundancy".


Start here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...; there are further references in the SK.

Jerlin
Explorer

No, I'm not talking about ISP redundancy. We have already configured it and it's working fine.

As we are using two ISPs, ISP1's LAN public IP pool is exhausted, so they provided a new set of public IP pool addresses (for example dd.dd.dd.0/29). I have a doubt about how to add the new IP pool to our existing network and make use of NATing for internal servers.

I have configured the new public IP pool as below.

  • In the firewall, added a static route for the new public LAN pool pointing towards the router interface IP, as below.

              "set static-route dd.dd.dd.0/29 nexthop gateway address AA.AA.AA.02 priority 1 on"

  • Added a reverse route in ISP1's router for dd.dd.dd.0/29 pointing towards the firewall's cluster IP AA.AA.AA.01.

This configuration is working fine and NATing is also working fine. I have a doubt whether this configuration is enough or whether there is any other better option. Please suggest.

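A small model of the forwarding decision for a NAT-only pool, added here as an illustration and not part of the thread or of any Check Point code: the gateway's routing table deliberately has no entry for the new pool, and both the inbound and the reply direction still forward correctly because the route lookup only ever sees the translated (real) or the Internet address. RFC 5737 ranges are constructed stand-ins for the masked AA.AA.AA.x and dd.dd.dd.x values; the one assumption the model relies on is that the ISP router already forwards the pool to the cluster IP, which is the reverse route the post describes.

```python
import ipaddress

# Constructed topology mirroring the thread: RFC 5737 ranges stand in for the
# masked AA.AA.AA.x and dd.dd.dd.x addresses; the DMZ and LAN ranges are the post's.
ISP1_NEXTHOP = "198.51.100.2"                       # ISP1 router interface (AA.AA.AA.02)
NEW_POOL = ipaddress.ip_network("203.0.113.0/29")   # new NAT-only pool (dd.dd.dd.0/29)

# Gateway routing table with NO entry for NEW_POOL: (prefix, interface, next hop).
ROUTES = [
    ("0.0.0.0/0",       "eth1", ISP1_NEXTHOP),
    ("198.51.100.0/29", "eth1", None),   # ISP1 /29 (AA.AA.AA.0/29), directly connected
    ("17.16.10.0/24",   "eth3", None),   # DMZ, as in the post
    ("17.16.11.0/24",   "eth2", None),   # LAN, as in the post
]

# Static NAT rules (constructed): public pool address -> DMZ server.
STATIC_NAT = {"203.0.113.5": "17.16.10.5"}

def lookup(dst):
    """Longest-prefix match over ROUTES; returns (prefix, interface, next hop)."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface, nh in ROUTES:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface, nh)
    return None if best is None else (str(best[0]), best[1], best[2])

def forward_inbound(dst):
    """Internet -> pool address. Destination NAT is applied before the route lookup
    (client-side destination NAT), so the gateway routes the translated DMZ
    address; the pool prefix itself is never looked up. Unmapped pool addresses
    have nowhere to go and are dropped (None)."""
    real = STATIC_NAT.get(dst)
    return None if real is None else lookup(real)

def forward_reply(src, dst):
    """DMZ server -> Internet. The route lookup uses the Internet destination and
    the source is translated back to its pool address; again no pool route is used."""
    public = next((pub for pub, real in STATIC_NAT.items() if real == src), None)
    return lookup(dst), public

def pool_hits_only_default():
    """True when every pool address matches nothing more specific than 0.0.0.0/0,
    i.e. the gateway has no route for the pool. That is sufficient for NAT-only
    use as long as the ISP router forwards the pool to the cluster IP."""
    return all(lookup(str(a))[0] == "0.0.0.0/0" for a in NEW_POOL.hosts())
```

The model also shows why the extra static route in the post is harmless but redundant for this traffic: nothing in either direction ever consults it.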
Jerlin
Explorer

Hi PhoneBoy,

Thanks for answering my query. So my configuration is correct and I'm continuing the same configuration.
