10-11-2016 02:56 PM
Hi Community,
I am new to this forum and also not an experienced person on firewall policies, so I thought to put my question on the forum. This is what I am trying to achieve: I have a group of web servers with one virtual IP serving two websites (HTTPS). Externally, these two websites have different public IPs. I need to apply an ACL for one website, and the other one is wide open to the public. Can this be achieved by simply creating two different Security and NAT policies? Let's say the external IPs are 200.x.y.z1 and 200.x.y.z2 and the internal private IP is 10.1.1.10.
10-12-2016 12:32 AM - edited 10-12-2016 12:33 AM
Hi
If the 2 websites have different external IP addresses, this is very easily achieved.
You'll need 2 NAT rules, one for each public IP address (you can already apply your ACL here, by defining a source in the 'original packet' fields).
Next, you will need to create security policies, which you can also split into 2 policies (the security policy will have the pre-NAT public IP as destination), and apply your ACL by defining a source in the one policy and setting 'any' in the other.
here's an article on the matter you might like: Getting Started: Network Address Translation
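The lookup order the reply relies on (NAT rule matched on the original packet, security policy matched on the pre-NAT destination address but the post-NAT destination zone, first match wins, implicit deny at the end) is easy to get wrong when writing the two policy pairs. The following is an added example, not code from the original thread or from Palo Alto Networks: a small Python model of that evaluation order with the two public IPs replaced by documentation addresses (203.0.113.1 and 203.0.113.2 stand in for 200.x.y.z1 and 200.x.y.z2), the shared internal VIP 10.1.1.10 from the question, and a constructed partner range 198.51.100.0/24 as the ACL for the restricted site. Zone names and rule names are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network, IPv4Address, IPv4Network
from typing import Callable, List, Optional, Tuple

# Constructed addresses (documentation ranges), mirroring the thread's scenario.
PUBLIC_SITE_A = ip_address("203.0.113.1")   # stands in for 200.x.y.z1, ACL-restricted site
PUBLIC_SITE_B = ip_address("203.0.113.2")   # stands in for 200.x.y.z2, open site
INTERNAL_VIP = ip_address("10.1.1.10")      # single internal VIP from the question
ANY = [ip_network("0.0.0.0/0")]
PARTNER_ACL = [ip_network("198.51.100.0/24")]  # constructed allow-list for site A


@dataclass
class NatRule:
    name: str
    from_zone: str            # zone of the original source
    to_zone: str              # zone the original (public) destination routes to
    original_dst: IPv4Address
    translated_dst: IPv4Address
    source: List[IPv4Network]  # 'original packet' source restriction (ANY = no ACL)


@dataclass
class SecurityRule:
    name: str
    from_zone: str
    to_zone: str              # POST-NAT zone: where the translated address lives
    dst: IPv4Address          # PRE-NAT (public) address, as the reply states
    source: List[IPv4Network]
    action: str               # "allow" or "deny"


def zone_of(addr: IPv4Address) -> str:
    """Assumed routing: RFC1918 10/8 is the 'trust' zone, everything else 'untrust'."""
    return "trust" if addr in ip_network("10.0.0.0/8") else "untrust"


def _in(addr: IPv4Address, nets: List[IPv4Network]) -> bool:
    return any(addr in n for n in nets)


# Two NAT rules, one per public IP, both landing on the same internal VIP.
NAT_RULES = [
    NatRule("nat-site-a", "untrust", "untrust", PUBLIC_SITE_A, INTERNAL_VIP, ANY),
    NatRule("nat-site-b", "untrust", "untrust", PUBLIC_SITE_B, INTERNAL_VIP, ANY),
]

# Two security rules: ACL'd source for site A, 'any' for site B.
# Destination is the pre-NAT public IP; destination zone is the post-NAT zone.
SECURITY_RULES = [
    SecurityRule("allow-site-a-partners", "untrust", "trust", PUBLIC_SITE_A, PARTNER_ACL, "allow"),
    SecurityRule("allow-site-b-public", "untrust", "trust", PUBLIC_SITE_B, ANY, "allow"),
]


def evaluate(pkt_src: str, pkt_dst: str, src_zone: str = "untrust",
             nat_rules: List[NatRule] = NAT_RULES,
             sec_rules: List[SecurityRule] = SECURITY_RULES,
             zone_lookup: Callable[[IPv4Address], str] = zone_of) -> Tuple[str, str, Optional[str]]:
    """Return (action, post-NAT destination, matching security rule name or None).

    Order modelled: 1) NAT lookup on the original packet (translation is only
    decided here, not yet applied); 2) security policy evaluated top-down with
    the pre-NAT destination address and the post-NAT destination zone;
    3) implicit interzone deny if nothing matches.
    """
    src, dst = ip_address(pkt_src), ip_address(pkt_dst)

    nat = next((r for r in nat_rules
                if r.from_zone == src_zone and r.to_zone == zone_lookup(dst)
                and r.original_dst == dst and _in(src, r.source)), None)
    post_dst = nat.translated_dst if nat else dst
    dst_zone = zone_lookup(post_dst)

    for rule in sec_rules:
        if (rule.from_zone == src_zone and rule.to_zone == dst_zone
                and rule.dst == dst and _in(src, rule.source)):
            return rule.action, str(post_dst), rule.name
    return "deny", str(post_dst), None   # implicit deny


if __name__ == "__main__":
    for s, d in [("198.51.100.7", "203.0.113.1"), ("192.0.2.9", "203.0.113.1"),
                 ("192.0.2.9", "203.0.113.2"), ("192.0.2.9", "203.0.113.3")]:
        print(s, "->", d, evaluate(s, d))
```

Running it shows a partner address reaching site A, an arbitrary Internet address being dropped by the implicit deny for site A but allowed for site B, and both allowed flows ending up at the same 10.1.1.10 VIP, which is exactly the split the reply describes. The same check is also useful in reverse: if you mistakenly put 10.1.1.10 as the destination in the security rule, neither flow matches and everything falls through to the implicit deny.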
10-12-2016 09:23 AM
Thanks for your reply. That's what I thought, but I wasn't sure if that would work. I had a chat with one guy who is a Security Administrator and has done many firewall deployments and migrations, and he suggested having two internal IPs, one for each website. I was a little confused and decided to post on here.
10-13-2016 12:44 AM
There are several options available to get your scenario to work. You can have 2 internal IPs matched to 2 external IPs, or you can run both services on the same host and port and use header information for the web server to decide which site to return, or run 2 instances on the same host on different ports and use port translation to direct your connections.
NAT is very flexible 😉