Secondary external ip adress help me please

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Secondary external ip adress help me please

L0 Member
 
 

Hello there,
First of all, my English is not very good, so I apologize. I'm new to Palo Alto. So I'm a bit of a novice. In the structure I use, there are 10.0.15.15 - 16 - 17-18-19-20 external world ip addresses. These are separately assigned as mail server, backup, wifi. Let's consider one of them as connecting the 10.0.15.19 Wifi network to the outside world. I want to change this ip address with the new 20.12.102.13 ip address. But I couldn't do a round.
Where should I add the newly acquired ip address?
I will be happy if there is someone who can teach me step by step what to do. Thanks.

 


 
 

 

 
 
 
 
 
1 accepted solution

Accepted Solutions

Hi @acigdem ,

It will be good if you can share bit more information about your setup, probably screenshots or part of cli config (you can hide any IPs change them).

 

If I understand correctly

- you use different IP addresses to NAT your internal resources (mail, wifi etc) when communicating with public Internet.

- And you have assigned all these addresses directly on the firewall interface connected to your internet provider, right?

- You need to change your public network and NAT all services to new addresses, correct?

 

View solution in original post

3 REPLIES 3

Hi @acigdem ,

It will be good if you can share bit more information about your setup, probably screenshots or part of cli config (you can hide any IPs change them).

 

If I understand correctly

- you use different IP addresses to NAT your internal resources (mail, wifi etc) when communicating with public Internet.

- And you have assigned all these addresses directly on the firewall interface connected to your internet provider, right?

- You need to change your public network and NAT all services to new addresses, correct?

 

1paloınterface.JPG2palonat.JPG

 

 

 

 

 

Screenshots are above. I didn't need to hide IP. As you can see in the nat image from these ip addresses, I will change the 38 ip address as 88.254.67.87 with the ip address I just bought. Completely different rope blocks. And I will only change the wifi output ip, the other production will not change. I don't know how and where to add the new ip addresses. Ethernet/1 ISP is on port 5 on the switch. My newly defined ip addresses have been defined to this port by the ISP. Both my old ip and new ip addresses are defined to the same port. I add my new ip address under ethernet/1, then go to the nat setting and change my 38 li ip address with my new ip address, but I cannot connect to the internet. In summary, what I want to do is to change my new ip address instead of my 38 ip address. Other ip address settings will remain the same. I'm waiting for your help.

 

 

 

 

 

 

@acigdem,

Generally speaking, and it really depends on the ISP, you would just need to setup the NAT statement and add a new static route telling the firewall how to actually route the address. You don't really need to be specifying every available address individually on the interface itself, the firewall will ARP with the address properly.

ISPs in a lot of areas will use transport subnets for this so they can advertise as many ranges as you need without any major changes on the actual connection itself, it doesn't look like your ISP is doing that. I would reach out to the ISP itself and ask them what the route is for the new IP address. 

  • 1 accepted solution
  • 3336 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!