Description:
This article describes how to operate multiple public IPv4 addresses on a Unified Firewall.
Requirements:
Scenario:
The Unified Firewall operates an SDSL connection with the public IP address range 81.81.81.1/29. This provides a total of 8 IP addresses. Five of these IP addresses can be used.
Procedure:
Checking the public IPv4 addresses stored for the active Internet connection:
1) Go to the menu Network → Connections → Network Connections and, for the Internet connection (in this example SDSL), click the pencil icon and check the settings.
2) Make sure that the IP addresses section contains all of the IPv4 addresses from the public IP address range. If necessary, add any that are missing.
The first IP address is always used for general communication. If necessary, adjust the order of the IP addresses using the arrow symbols. |
Using a specific public IPv4 address for port forwarding:
Port forwarding, which is set up already, should only take effect when the public IPv4 address 81.81.81.3 is addressed.
1) On the desktop, click the forwarding destination (in this example the Web Server), select the connection tool from the context menu and click the Internet object (in this case the WAN).
2) Under the Options for the required protocol, click on DMZ to access the advanced settings.
4) Set the External IP address to the public IPv4 address for which the Unified Firewall should implement port forwarding. Then click OK and store the connection.
5) Click Save to accept the change.
6) Finally, implement the changes by clicking Activate.
Using a specific public IPv4 address as a reverse proxy:
A previously configured reverse proxy should only take effect when the public IPv4 address 81.81.81.5 is addressed.
The IP address here only needs to be adjusted manually if a public IPv4 address is used instead of a DNS name. Otherwise, the IP address should simply be communicated to the responsible DNS server. |
1) Switch to the menu UTM → Reverse Proxy → Frontends and, for the Frontend to be adjusted, click the pencil icon to view the settings.
2) Under Domain or IP Address, enter the public IPv4 address of the Unified Firewall that is to act as the reverse proxy. Then click on Save.
Using a specific public IPv4 address for an IPsec connection:
A previously configured IPsec connection (instructions under Configuration of IPSEC-VPN connections) should establish the VPN connection via the public IPv4 address 81.81.81.6.
1) Switch to the menu VPN → IPsec → Connections and, for the connection to be adjusted, click the pencil icon to view the settings.
2) Under Listening IP Addresses, enter the public IPv4 address to be used to establish the IPsec connection (in this example 81.81.81.6).
The Listening IP Addresses apply both for incoming and outgoing IPsec connections. |
Redirecting communications to a certain destination to a specific public IPv4 address:
An Internet service with the public IPv4 address 99.99.99.1 should be addressed from the public IPv4 address 81.81.81.4 of the Unified Firewall.
1) Click the icon to create a host.
2) Modify the following parameters and then click Create:
3) On the desktop, click the network object (in this example INTRANET), select the connection tool from the context menu and click the host object created in step 2 (in this case Internet-Service).
4) Add the required protocols from the selection using the “+” icons.
5) Under Action, click each arrow once to allow only outgoing communication.
6) Under Options, click each None entry to view the advanced options.
7) For each of these, modify the following parameters and then click OK:
8) Click on Create.
9) Finally, implement the changes by clicking Activate.