Sangfor Community»Categories Products Network Secure (NGAF) About changing the server Wan IP address

About changing the server Wan IP address

views: 995 | comments: 4 | added to Favorites 0
Lights on | 提示:支持键盘翻页<-左 右->
    组图打开中,请稍候......
Created: 21 May 2024 23:22

Summary:

Hi everyone I want to route my server to access the internet through a second IPv4 address I obtained from my ISP, in addition to the default WAN IP. How can I do this?

Reply

Enrico Vanzetto Posted 22 May 2024 19:39
Hi you got from your ISP a different class/subnet of public ip? If yes, simply configure another wan with this public subnet on another eth port of your NGAF and use it on source nat policy and application control policy.
Newbie451055 Posted 22 May 2024 15:50
Do you mean you want to use public IP that is not used by your device interface?
In NGAF Firewall you can create a NAT from your Server IP Address to your Public IP Address you got from ISP.
Instead of using the outbound interface, you can define another IP Address from the block IP you got from ISP.

Screenshot 2024-05-22 144826.png (15.99 KB, Downloads: 130)

Screenshot 2024-05-22 144826.png
Enrico Vanzetto Posted 22 May 2024 05:18
hi, first you have to specify your public subnet on your wan interface that include all the usable public ip that you have obtained from your ISP (for example, if you have a pool of 6 usable ip, you'll have to specify the network).
After this, on network objects section of your Ngaf, you can create a network objects about your local server by specifying his local static ip.
Afte doing that, you can create a source nat policy where you can specify the network objects about your local server as source address and your wan as destination zone (on destination address you can specify your secondary public ip address).
Lastly, you need to configure an application control policy to allow the traffic you want to go out from this local server to your wan (specifying here your secondary public ip address you want to use).
On troubleshooting section of Ngaf, you can do a precise traffic analysis by specifying your local server ip as source address in order to see what network policies are applied.