Showing results for 
Search instead for 
Did you mean: 

Who rated this post

Cyber Elite
Cyber Elite

Hi @patux80 


On the external interface pointing towards the ISP you have to use one address of the /30 subnet. With the other 16 addresses you can then do whatever you want:

  • Use one or more single (/32) addresses for loopbackinterfaces which you use for global protect or IPSec VPN for example
  • Use these addresses with NAT rules to make internal/DMZ servers publicly available
  • Create a DMZ zone where you place servers that will get IPs of this public /28 subnet
  • Split the /28 in 2 /29 and use one for a DMZ and the others for NAT
  • ...

Hope this helps.




Who rated this post