
astroroxy
Premium Member
join:2013-07-26
Newport Beach, CA

Zyxel USG Disable Routing/ Pass Multiple Public IP

Hello,

Does anyone know if it is possible to use the USG series for its IDP/ADP/AV/Firewall and not for routing?

I have an entire /24 of public IPs that my servers need to have. They MUST have the public IP.

Is this possible?

What I would like

Internet /24
|
V
Zyxel Firewall/IDP/ADP/AV
|
V
Switch
|
V
Many servers with public IP addresses (e.g. 8.8.8.8)

What it gives me

Internet /24
|
V
Zyxel Firewall/IDP/ADP/AV BUT has NAT
|
V
Switch
|
V
Many servers but using Private IP (e.g. 192.168.1.2)

I was thinking of maybe just using the switch ports on the USG, and not the WAN.

Would that work, or is that a messy hack?

I have a USG 50, if you know an alternative hardware such as FortiGate-100D that would be great.

Thank you.

Anav
Sarcastic Llama? Naw, Just Acerbic
Premium Member
join:2001-07-16
Dartmouth, NS

As long as it's the USG2000 which would have the processing power to handle FW, IDP, ADP, AV at the same time.

Brano
I hate Vogons
MVM
join:2002-06-25
Burlington, ON

to astroroxy
The UTM performance on these devices sucks, see »USG200 speed tests #3

As for your public IP requirement I don't believe you can do this. You could do 1-to-1 NAT for each public IP.

astroroxy
Premium Member
join:2013-07-26
Newport Beach, CA

said by Brano:

The UTM performance on these devices sucks, see »USG200 speed tests #3

As for your public IP requirement I don't believe you can do this. You could do 1-to-1 NAT for each public IP.

I was not planning to use all of the USG features, mainly just the firewall.

I attempted to see if I could turn off NAT but that was not possible.

Lol, I can't do over 200 1-to-1 NAT.

So this can not just act as a firewalled/IDP/ADP switch? Do you know of any good products that can?

Thanks.
astroroxy

to Brano

Re: Zyxel USG Disable Routing/ Pass Multiple Public IP

said by Brano:

The UTM performance on these devices sucks, see »USG200 speed tests #3

As for your public IP requirement I don't believe you can do this. You could do 1-to-1 NAT for each public IP.

So it is not possible to just use it as a switch/firewall?

I can not do 1-to-1 NAT for each IP.

Do you know of any devices that can?

This device is perfect, I just want to bypass NAT/DHCP routing.

Thanks
JPedroT
Premium Member
join:2005-02-18

to astroroxy
Inline transparent firewall is the setup you want to do. It used to be possible on some older ZyNOS-based devices, never tried to do it on a USG.

Seems like you can:

»faq.us.zyxel.com/Support ··· ?fid=355

Question is, which features do you need and what throughput.

astroroxy
Premium Member
join:2013-07-26
Newport Beach, CA

I do not think that applies to the new USG systems.

The problem is it will not work with multiple public IPs (around 300 of them).

Would it be possible to completely forget the WAN link and just use the switch ports?
This might work, what do you guys think?

I just want to be able to use the Firewall/ADP/IDP and the log.
JPedroT
Premium Member
join:2005-02-18

said by astroroxy:

I do not think that applies to the new USG systems.

The problem is It will not work with Multiple Public IPs (around 300 of them).

Why not the newer devices? It says from FW 2.10 and up. And why not multiple IPs? You set those on the hosts.

Brano
I hate Vogons
MVM
join:2002-06-25
Burlington, ON

to astroroxy
The SW bridge has a significant performance hit. On USG 2000 you might not feel it, but I'm afraid on USG50 you will. ... you need to do performance testing first.