Quick question about multiple public subnets on SG-5100
-
Hey all:
I just inherited a company that was using a Router Guard appliance (yuck), that I have just replaced with a SG-5100. I have a routed /29 subnet from their ISP working on the WAN interface and all of the public IP's are working fine through the 'Virtual IP' function. I just found out that there is also a different /28 public subnet assigned to this company as well which I need to integrate into the 5100.
My question is, how do I add the additional /28? Do I just enter them as more Virtual IP's or do I need to do it differently? Any advice would be gratefully received.Rick
-
I don't have a similar config but that is what I would try first. Create a VIP for one of the IPs in that /28 and then play with it to see if it works.
-
If these are routed to you - you can actually place the IPs on devices behind pfsense if you wanted too.. There is no need to use vips - unless you actually want to do it that way.
-
@kom Worked perfectly! Man, I am falling in love with Pfsense!
-
I spoke too soon. I can ping the new IP from the 5100 when I add a VIP but I can't reach it from outside the FW. I have modified the NAT rules to point to the new VIP but no action. Do I have to add another gateway on the wan address with the network address of the new subnet (206.248.147.128/28)?
-
No you only need the one gateway. What are you trying to accomplish with the /28? Some port forwards?? Show your NAT rules.
-
If the /28 is routed to you - it should be routed to you over the same transit as your other network that is routed to you. You sure they are actually "routed" we get this a lot around here where they say routed be really the isp just gave them IPs that directly attached.
-
@johnpoz I agree. I have reached out to the ISP to get the routing information for the /28 subnet. I am waiting for that info before I move on.
-
All good now! ISP had second subnet incorrectly routed.
-
So you going to actually put the network behind pfsense or you going to just use vip?
-
@johnpoz I like to NAT, so I will use VIP.
