USG 110 Bridging specific WAN IP to DMZ?

mrwee Posts: 40  Freshman Member
edited April 2021 in Security
Having gotten my multiple WAN IP addresses under control, I'd like to map one of these to DMZ (Port 7).
Is creating a bridge the correct way, or is there another way?

All Replies

  • PeterUK
    PeterUK Posts: 2,651  Guru Member
    What WAN subnet do you have?

    You could bridge WAN2 to DMZ and the device gets the WAN IP.

    Or you could set up a small subnet on DMZ. Let's say your subnet is 2.0.0.0 subnet 255.255.255.248: you make the DMZ gateway 2.0.0.5 subnet 255.255.255.252 and the device gets IP 2.0.0.6. This means the only usable IPs you get on WAN1 to NAT out of 2.0.0.0/29 are 2.0.0.1, 2.0.0.2 and 2.0.0.3.

    You then need a routing rule for DMZ:
    Incoming: Interface
    Member: DMZ
    Next hop type: Interface
    Interface: WAN1
    Source network address translation: none
  • mrwee
    mrwee Posts: 40  Freshman Member
    My subnet on WAN1 is 255.255.255.192, but it's also the only physical WAN connection I've got, so I assume WAN2 is useless in this case.

    I don't quite understand your second option, but just for clarification I'd like to map one of my multiple WAN1 IP addresses to the DMZ.


  • PeterUK
    PeterUK Posts: 2,651  Guru Member
    Answer ✓
    Yes, so the second option is what you need: instead of DMZ having 192.168.5.1 with subnet 255.255.255.0, a device getting 192.168.5.2 and doing NAT, you set up a small subnet within your WAN1 subnet, 255.255.255.192 to a 255.255.255.252 on DMZ, with a WAN IP gateway on DMZ at the end of the subnet.
    Online IP Subnet Calculator (subnet-calculator.com)
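
The subnet split described in the replies above, worked through as an added example (it is not part of any poster's reply and is not ZyXEL tooling). The function name `carve_dmz` is hypothetical, and 203.0.113.0/26 is a constructed documentation range standing in for a WAN1 subnet with mask 255.255.255.192, since the thread does not give the real one.

```python
import ipaddress


def carve_dmz(wan_cidr, dmz_prefix=30):
    """Carve the last /dmz_prefix block off the end of the WAN subnet.

    Returns the DMZ block, the gateway address for the DMZ interface,
    the address(es) left for DMZ devices, and the WAN addresses that
    remain usable for NAT once the block has been taken out.
    """
    wan = ipaddress.ip_network(wan_cidr, strict=True)
    if wan.version != 4 or not wan.prefixlen < dmz_prefix <= 30:
        raise ValueError("DMZ block must be an IPv4 /30 or larger, inside the WAN subnet")

    # The block sits at the end of the WAN range, so it ends on the
    # WAN broadcast address and starts one block size before it.
    size = 2 ** (32 - dmz_prefix)
    start = int(wan.broadcast_address) - size + 1
    dmz = ipaddress.ip_network((start, dmz_prefix))

    dmz_hosts = list(dmz.hosts())
    # Every address inside the DMZ block (network, hosts, broadcast)
    # is lost to WAN1, so it can no longer be used as a NAT address there.
    wan_usable = [h for h in wan.hosts() if h not in dmz]

    return {
        "dmz_network": str(dmz),
        "dmz_netmask": str(dmz.netmask),
        "dmz_gateway": str(dmz_hosts[0]),           # address set on the DMZ port
        "dmz_device": [str(h) for h in dmz_hosts[1:]],
        "wan_usable": [str(h) for h in wan_usable],
    }


if __name__ == "__main__":
    # The /29 example from the thread, written with its dotted mask.
    print(carve_dmz("2.0.0.0/255.255.255.248"))
    # Constructed /26 (mask 255.255.255.192) standing in for the real WAN1 subnet.
    plan = carve_dmz("203.0.113.0/26")
    print(plan["dmz_network"], plan["dmz_gateway"], plan["dmz_device"])
    print(len(plan["wan_usable"]), "addresses left on WAN1")
```

Because the DMZ device then holds a public address with source NAT set to none, the firewall rules between WAN1 and DMZ are what decide which of its ports are reachable.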
