- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
01-17-2024 03:55 AM
there's a good book you can read 😉
there's a lot of stuff you can do but let's start with the basics
create 2 new layer3 zones
i'd firstly set the interface 1/1 to layer 3 mode and set it as dhcp client. that should get you a public IP automatically from your ISP
assign it the external zone
next, set the ethernet1/2 as a layer3 interface and assign it an IP address (e.g. 192.168.50.1/24) , and enable a dhcp server on that interface, make sure you set the 192.168.50.1 IP as default route in the dhcp features
now, it would be preferable if you can set your Asus in passthrough mode so it simply acts as an access point and not interfere with routing or additional NAT inside your network
don't forget to create a security rule that allows your new internal zone out to your new external zone (delete the rule that was already in place, fresh starts are better)
make sure to add your subscription profiles!
and lastly, create a NAT rule for your outbound traffic:
to ensure your firewall is able to fetch updates, configure it with a DNS server in the management section, then consider setting up 'service routes' (Device > setup > service > service routes) attached to your ethernet1/2 (as else the updates will be fetched via your managment interface which is currently not connected to anything)