Zywall 1100 - multiple static ip

Phormsianer
Phormsianer Posts: 2  Freshman Member
First Comment
edited April 2021 in Security

Hello everybody,

We’ve purchased a Zywall 1100 VPN-Firewall and now try to add our static IPs from the ISP. As described in the manual we added a IP to an Interface and then adding a virtual interface for the next ip and so on.

Our Problem is that there is a limitation to 4 virtual interfaces on one physical interface. Setting up 15 IPs would need 3 WAN Ports.


Is there another way to configure static IPs?

 

Thanks for your time

Comments

  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    50 Answers 500 Comments Friend Collector Fourth Anniversary
    edited October 2017
    Hello Phormsianer,
    Just want to confirm one thing first, as your description, in your scenario, only 3 interfaces can be Wan ports, others already been Lan interface?

    By default  Zywall 1100, there are three option interface (ge 6,7,8) which means you can modify option interface to be Wan zone. The Following steps as below.
    Option interface ge 6,7,8

    Modify ge6 to be Wan zone

    Charlie



  • Phormsianer
    Phormsianer Posts: 2  Freshman Member
    First Comment

    Hello Charlie,

    Thanks for your answer.


    I’m aware of the option to change the Zone for an interface. But that won't really fulfill our needs.

    What I’m looking for is a way to bind more than 5 static wan IPs to one physical interface.

    Why would I do this? Because using 3 physical interface for 15 IPs on a 100mbit connect is a waste of ports and this is only the backup line.


    So any further suggestions?

    Thanks for your time

    Marc



  • zyman2008
    zyman2008 Posts: 219  Master Member
    25 Answers First Comment Friend Collector Seventh Anniversary
    Usually, I'm use multiple public IPs for NAT to internal servers.
    I'm interesting on the application that would like to apply 15 IPs on the interface.

  • PeterUK
    PeterUK Posts: 3,389  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary

    What about using VLAN's?



  • CHS
    CHS Posts: 181  Master Member
    5 Answers First Comment Friend Collector Sixth Anniversary
    edited October 2017
    Yes, NAT port forwarding seems able creating over 10 rules on 1 physical port. (even using different IP address from your WAN side)
    In my view...the virtual interface just a IP address which able managing your device.
    That is really waste IP addresses........lol
  • Sulcus
    Sulcus Posts: 5  Freshman Member
    First Comment
    So you've got 15 public IP addresses, at 1 ISP with one router?

    I assume you've got 3 blocks of 5 IP addresses.
    In the example below I use 2 ISP's with both one block of 5 Public IP's, which will only use 2 WAN ports (need to use 2 WAN ports because I've got 2 ISP routers):

    Each WAN port has a fixed IP:

    WAN1
    IP Address: 95.97.143.186
    Subnet Mask: 255.255.255.248
    Gateway: 95.97.143.185

    WAN2
    IP Address: 80.127.121.154
    Subnet Mask: 255.255.255.248
    Gateway: 80.127.121.153

    Because the ISP is giving me a 255.255.255.248 subnet I can use 6 Hosts per subnet (-1 for the Gateway = 5 public IP's per ISP connection)

    Under 'Object | Address/Geo IP' I've created a 'HOST' for every single public IP I've got.

    WAN_1_186     HOST     95.97.143.186
    WAN_1_187     HOST     95.97.143.187
    WAN_1_188     HOST     95.97.143.188
    WAN_1_189     HOST     95.97.143.189
    WAN_1_190     HOST     95.97.143.190

    And the same for WAN2

    Once you've got all your public IP's configured, you go to NAT, and there you map the public IP to an internal IP.

    So in your case, when you've got 3 blocks of 5 with one ISP, you should setup one WAN with the first block. And create a virtual interface for the second and third block. After that you should be able to setup the 15 public IP's as mentioned above.

    If your ISP assigned 15 x 1 public IP, I won't have a solution for you ;-)


  • Jeremylin
    Jeremylin Posts: 166  Master Member
    First Answer First Comment Third Anniversary
    One physical port only can support 4 virtual interface on my usg.
    Just curious that why do you want to create 4 virtual interface on one port, because the virtual interface just a IP address which only able managing your device.

Security Highlight