cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

How many external interface can be created on an Internet facing Firewall?

We have one internet facing FW which is having 1 external Interface with some Public IP address range. While forming VPN between my organization FW and client FW. we are using virtual IP of external Interface of Firewall as peer IP for my organization. 

Can we create sub-interface on external interface of Internet facing Firewall and assign one more public IP subnet and form VPN with Clients by using both physical and sub-interface external interface? Is this solution feasible?

0 Kudos
4 Replies

Re: How many external interface can be created on an Internet facing Firewall?

You can create multiple external interface on firewall and It can be dedicated or vlan interface.

Creating VLAN interfaces on physical interface in Gaia OS.

Probably Link Selection could in this case.

VPN R77 Versions Administration Guide 

0 Kudos

Re: How many external interface can be created on an Internet facing Firewall?

Hi Chinmay,

I am not sure that it would work or not but you will face issue with routing. ISP redundancy is good option.

0 Kudos
Maarten_Sjouw
Platinum

Re: How many external interface can be created on an Internet facing Firewall?

Why would you need to use 2 different IP addresses for 2 different functions?

The external IP can be used for normal outbound traffic, for Inbound port NAT and static NAT and on top of that as the VPN end-point for Site-2-Site VPN, RAS and SSL-VPN.

Regards, Maarten
0 Kudos
Admin
Admin

Re: How many external interface can be created on an Internet facing Firewall?

While we technically support configuring more than one IP on a given interface on a single gateway:

  • We don't recommend it
  • It is not supported if ClusterXL or VRRP is used

See: Support for Sub-interfaces / Alias IP address / Secondary IP address in Check Point products