Sanity Check

  • My firewall has 3 network ports, with one unused.  On my current internet connection, I use 2 static IP addresses, one for the firewall and outbound NAT.  The other is for a single server that allows inbound SSH.  I have a few VPNs to other offices running on my current connection.

    I'd like to bring another connection in, and simply move just the default NAT traffic there.  The VPNs and other static IP can stay on my current T1.

    I think this should be as simple as creating a 2nd route and changing the default route.

    Are there any pitfalls I'm overlooking?

    My VPNs shouldn't change because I specify the local endpoint, so I think the firewall will just do the right thing from a networking standpoint.

    Thank you very much for any information.


  • You have to make NAT rules for the new connection (if using AON).
    Then just change the outbound rule on the LAN to use the new gateway. Better yet, create a failover routing group and use that. If you want the server to continue to go out the first connection, make a rule to allow its IP with the original gateway specified and move this rule before the default outbound.

  • Thank you very much, that's great to hear.

