astroroxy Premium Member join:2013-07-26 Newport Beach, CA |
Zyxel USG Disable Routing/ Pass Multiple Public IP
Hello,
Does anyone know if it is possible to use the USG series for its IDP/ADP/AV/Firewall and not for routing?
I have an entire /24 of public IPs that my servers need to have. They MUST have the public IP.
Is this possible?
What I would like
Internet /24
|
V
Zyxel Firewall/IDP/ADP/AV
|
V
Switch
|
V
Many servers with public IP addresses (e.g. 8.8.8.8)

What it gives me
Internet /24
|
V
Zyxel Firewall/IDP/ADP/AV BUT has NAT
|
V
Switch
|
V
Many servers but using Private IP (e.g. 192.168.1.2)
I was thinking of maybe just using the switch ports on the USG, and not the WAN
Would that work, or is that a messy hack?
I have a USG 50, if you know an alternative hardware such as FortiGate-100D that would be great.
Thank you. |
|
Anav Sarcastic Llama? Naw, Just Acerbic Premium Member join:2001-07-16 Dartmouth, NS |
Anav
Premium Member
2013-Jul-26 10:06 pm
As long as it's the USG2000 which would have the processing power to handle FW, IDP, ADP, AV at the same time. |
|
|
Brano I hate Vogons MVM join:2002-06-25 Burlington, ON |
to astroroxy
The UTM performance on these devices sucks, see » USG200 speed tests #3
As for your public IP requirement I don't believe you can do this. You could do 1-to-1 NAT for each public IP. |
|
astroroxy Premium Member join:2013-07-26 Newport Beach, CA |
astroroxy
Premium Member
2013-Jul-26 11:18 pm
said by Brano:
The UTM performance on these devices sucks, see » USG200 speed tests #3
As for your public IP requirement I don't believe you can do this. You could do 1-to-1 NAT for each public IP.

I was not planning to use all of the USG features, mainly just the firewall. I attempted to see if I could turn off NAT but that was not possible. Lol, I can't do over 200 1 to 1 NAT. So this cannot just act as a firewalled/IDP/ADP switch? Do you know of any good products that can? Thanks. |
|
astroroxy |
to Brano
Re: Zyxel USG Disable Routing/ Pass Multiple Public IP
said by Brano:
The UTM performance on these devices sucks, see » USG200 speed tests #3
As for your public IP requirement I don't believe you can do this. You could do 1-to-1 NAT for each public IP.

So it is not possible to just use it as a switch/firewall? I cannot do 1to1 NAT for each IP. Do you know of any devices that can? This device is perfect, I just want to bypass NAT/DHCP routing. Thanks |
|
JPedroT Premium Member join:2005-02-18 |
to astroroxy
Inline transparent firewall is the setup you want to do. It used to be possible on some older ZyNOS based devices, never tried to do it on a USG. Seems like you can » faq.us.zyxel.com/Support ··· ?fid=355
Question is, which features do you need and what throughput. |
|
astroroxy Premium Member join:2013-07-26 Newport Beach, CA |
I do not think that applies to the new USG systems.
The problem is it will not work with multiple public IPs (around 300 of them).
Would it be possible to completely forget the WAN link and just use the switch ports? This might work, what do you guys think?
I just want to be able to use the Firewall/ADP/IDP and the log. |
|
JPedroT Premium Member join:2005-02-18 |
JPedroT
Premium Member
2013-Jul-27 5:45 am
said by astroroxy:
I do not think that applies to the new USG systems.
The problem is it will not work with multiple public IPs (around 300 of them).

Why not the newer devices? It says from FW 2.10 and up. And why not multiple IPs? You set those on the hosts. |
|
BranoI hate Vogons MVM join:2002-06-25 Burlington, ON |
to astroroxy
The SW bridge has a significant performance hit. On USG 2000 you might not feel it, but I'm afraid on USG50 you will. ... you need to do performance testing first. |
|