Hi guys,

Apologies if this has been covered before.

We are looking to change our firewall and router, I have evaluation units of each, I have a 2862n and a Checkpoint 1490 appliance.

We use BT as our ISP and have 5 static IP addresses.

I want the Checkpoint to do all the NAT operations as I have 3 internal hosts that need public IPs.

I have tried as a routed subnet and as a DMZ Host but neither way seems to work. I get internet access fine and my IP shows as that of the Checkpoint as expected. If I change my IP to one of those I want to be NAT'd I get no internet access at all.

This seems like a config/routing issue to me.

Is there a way this can work or am I better of getting something like the 130?

Thanks in advance,

Stew.

Just for reference the 2862 can handle all your WAN IP Aliases, I think on the 2862 they are joined to the NAT pool by default? The 2862 also has a fairly comprehensive firewall. So everything through just one device

I'm running a 2860 (predecessor to the 2862) with a /29 subnet (5 usable IP's) and everything works fine for me.

Sorry it doesn't answer your direct question, though.

John.

I've used a 2860, a 2862 and a 2925 all with 5 external IPs and no issues. (I'm pretty sure none of them default to joining the IP pool, and that's something I'd never use).

You might find this useful https://www.draytek.co.uk/support/guides/kb-vigor-multinat?return=10995309

Hi Both,

Thank you very much for your responses, they are both useful. However, I am really keen on using the Checkpoint behind the Draytek as the firewall is a lot easier to configure and maintain, please there are additional blades that I would like to use.

I have tried a number of configurations to get the static IPs to passthrough to the Drytek but have not managed it yet.

Should I consider using a Vigor 130 Modem in bridge mode?

Many thanks,

Stew