
astroroxy

join:2013-07-26
Newport Beach, CA

Zyxel USG Disable Routing/ Pass Multiple Public IP

Hello,

Does anyone know if it is possible to use the USG series for its IDP/ADP/AV/Firewall and not for routing?

I have an entire /24 of public IPs that my servers need to have. They MUST have the public IP.

Is this possible?

What I would like

Internet /24
|
V
Zyxel Firewall/IDP/ADP/AV
|
V
Switch
|
V
Many servers with public IP addresses (e.g. 8.8.8.8)

What it gives me
V
Internet /24
V
Zyxel Firewall/IDP/ADP/AV BUT has NAT
V
Switch
V
Many servers but using Private IP (e.g. 192.168.1.2)

I was thinking of maybe just using the switch ports on the USG, and not the WAN

Would that work, or is that a messy hack?

I have a USG 50; if you know of alternative hardware such as FortiGate-100D, that would be great.

Thank you.


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5
As long as it's the USG2000, which would have the processing power to handle FW, IDP, ADP, AV at the same time.


Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:11
reply to astroroxy
The UTM performance on these devices sucks, see »USG200 speed tests #3

As for your public IP requirement I don't believe you can do this. You could do 1-to-1 NAT for each public IP.

astroroxy

join:2013-07-26
Newport Beach, CA
said by Brano:

The UTM performance on these devices sucks, see »USG200 speed tests #3

As for your public IP requirement I don't believe you can do this. You could do 1-to-1 NAT for each public IP.

I was not planning to use all of the USG features, mainly just the firewall.

I attempted to see if I could turn off NAT but that was not possible.

Lol, I can't do over 200 1 to 1 nat.

So this can not just act as a firewalled/IDP/ADP switch? Do you know of any good products that can?

Thanks.

astroroxy

join:2013-07-26
Newport Beach, CA
reply to Brano

Re: Zyxel USG Disable Routing/ Pass Multiple Public IP

said by Brano:

The UTM performance on these devices sucks, see »USG200 speed tests #3

As for your public IP requirement I don't believe you can do this. You could do 1-to-1 NAT for each public IP.

So it is not possible to just use it as a switch/firewall?

I can not do 1to1 NAT for each IP.

Do you know of any devices that can?

This device is perfect, I just want to bypass nat/dhcp routing.

Thanks

JPedroT

join:2005-02-18
kudos:1
reply to astroroxy
Inline transparent firewall is the setup you want to do. It used to be possible on some older ZyNOS-based devices; I never tried to do it on a USG.

Seems like you can

»faq.us.zyxel.com/Support/FAQ-Ans···?fid=355

Question is, which features do you need and what throughput.
--
"Perl is executable line noise, Python is executable pseudo-code."

astroroxy

join:2013-07-26
Newport Beach, CA
reply to astroroxy
I do not think that applies to the new USG systems.

The problem is it will not work with multiple public IPs (around 300 of them).

Would it be possible to completely forget the WAN link and just use the switch ports?
This might work, what do you guys think?

I just want to be able to use the Firewall/ADP/IDP and the log.

JPedroT

join:2005-02-18
kudos:1
said by astroroxy:

I do not think that applies to the new USG systems.

The problem is it will not work with multiple public IPs (around 300 of them).

Why not the newer devices? It says from FW 2.10 and up. And why not multiple IPs? You set those on the hosts.
--
"Perl is executable line noise, Python is executable pseudo-code."


Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:11
reply to astroroxy
The SW bridge has a significant performance hit. On USG 2000 you might not feel it, but I'm afraid on USG50 you will. ... you need to do performance testing first.