Block of 8 public IP addresses - can I pick and choose which IP maps to a port?

I have

  • a low volume email and web server.
  • a USG20 VPN device in a small home/office scenario.
  • a block of 8 public IP addresses, 5 usable with mask These have been in use for years.

I plan to shut down my current old server. I have created a new email server and will next separate the web server onto its own server.

My intention is to separate/use 2 of the IPs and use map/NAT/other way to target IP (example and, using 2 different ports (4 and 5 on the device) for the mail and web servers. This is for security purposes. I have 1 IP for mail and another for web.

I would probably use NAT to redirect each public or NATted IP to the port number.


  1. Is it necessary to use 2 ports?
  2. Is NAT the best way to separate the IPs?
  3. Do I need to use NAT, or can I direct the mail and web public IPs directly to the ports on the device?

TIA, Darryl.

    • You can set up a virtual server or 1:1 NAT instead of using 2 ports; the firewall will respond to ARP for the other public IP in this case.
    • I believe the best way is to open only the necessary ports by NAT; moreover, the firewall can prevent some attacks from the internet.
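
Added example, not part of the original thread: a Python model of the port-forward table the answer describes, which checks that each mapping uses a usable address from the block and flags 1:1 NAT entries that expose every port. It models the rule table only and is not USG20 configuration syntax. The `203.0.113.8/29` block, the gateway address, the internal addresses and the chosen service ports are constructed assumptions.

```python
import ipaddress

# Constructed sample values (documentation range), not the poster's addresses.
BLOCK = ipaddress.ip_network("203.0.113.8/29")      # block of 8 public addresses
ISP_GATEWAY = ipaddress.ip_address("203.0.113.9")   # assumed upstream router

def usable_addresses(block, gateway):
    """Addresses left for servers: drop network, broadcast and gateway."""
    return [ip for ip in block.hosts() if ip != gateway]

def audit_forwards(rules, block=BLOCK, gateway=ISP_GATEWAY):
    """Return findings for a port-forward (virtual server) table.

    Each rule is (public_ip, proto, port, internal_ip); port None models
    1:1 NAT, which forwards every port on that public address.
    """
    usable = set(usable_addresses(block, gateway))
    findings, seen = [], {}
    for public, proto, port, internal in rules:
        pub = ipaddress.ip_address(public)
        if pub not in usable:
            findings.append(f"{public}: not a usable address in {block}")
        if port is None:
            findings.append(f"{public}: 1:1 NAT exposes all ports of {internal}")
        key = (pub, proto, port)
        if key in seen and seen[key] != internal:
            findings.append(f"{public} {proto}/{port}: mapped to two hosts")
        seen.setdefault(key, internal)
    return findings

def lookup(rules, public, proto, port):
    """Internal host an inbound packet is forwarded to, or None (dropped)."""
    for r_pub, r_proto, r_port, internal in rules:
        if r_pub == public and r_proto == proto and r_port in (None, port):
            return internal
    return None

# Hypothetical rule table: one public IP per service, only the needed ports.
RULES = [
    ("203.0.113.10", "tcp", 25,  "192.168.10.2"),   # mail server, SMTP
    ("203.0.113.10", "tcp", 993, "192.168.10.2"),   # mail server, IMAPS
    ("203.0.113.11", "tcp", 80,  "192.168.20.2"),   # web server, HTTP
    ("203.0.113.11", "tcp", 443, "192.168.20.2"),   # web server, HTTPS
]

if __name__ == "__main__":
    print(len(usable_addresses(BLOCK, ISP_GATEWAY)), "usable addresses")
    print(audit_forwards(RULES) or "no findings")
    print(lookup(RULES, "203.0.113.11", "tcp", 22))
```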

