_Mac (Tutor), Aug 09, 2012
SRX5308: How to configure multiple static IP no's?
We're upgrading our firewall from Cisco RV042 to Netgear's SRX5308, and we need to set up the LAN4/DMZ port to handle a RANGE of static IP numbers.
xxx.xxx.xxx.10 -> xxx.xxx.xxx.20
We just want the called servers (with static IP no's) to go right through the firewall, to be handled by the servers' firewalls.
1) Can it be done?
Just bought it Friday... If not, what should we use instead?
2) If so, HOW?
Thanks a million - do I need to say we need answers ASAP? ;-)
13 Replies
- OOM-9 (NETGEAR Expert): I am not sure how far you got in setting up your SRX5308. It sounds like you are trying to do static routes? Were you not needing NAT at all on this unit? The classical routing should be easy to configure and you can have the IP address directly on the server: Page 33 http://www.downloads.netgear.com/files/GDC/SRX5308/SRX5308_RM_22Nov2011.pdf If you are needing NAT/Private IP address network, I would recommend setting the unit up with the WAN interfaces with secondary IP address, covered on Page 41-42. Once the secondary IP addresses are configured, you can configure the inbound and outbound firewall rules for the secondary IP address, covered on Page 82-95. http://www.downloads.netgear.com/files/GDC/SRX5308/SRX5308_RM_22Nov2011.pdf
- _Mac (Tutor): We have 16 static IP addresses. One of these is used for NAT, the rest are used for servers (mail, web, DNS).
We want to set up LAN1 with NAT for our local network and LAN4 as a DMZ port for our servers. The servers are using static IP addresses from our assigned range and the router should just let them through to the DMZ port. This is the way our old router is configured.
The DMZ setup can only use NAT so that is out of the question.
It seems to be impossible to route one static address to LAN1 via NAT and the rest straight to LAN4/DMZ without conflict. That was at least what I was told by Netgear's support. I was also told that all Netgear routers and firewalls are the same in this regard.
Does anyone know a way around this or do we have to send it back and get a router of another make?
Another thing I found, or rather did not find, was IPv6 support.
Any suggestions?
- OOM-9 (NETGEAR Expert): There is an option to run a one-to-one NAT where you can set a secondary address to point directly to a private IP address and use an outbound rule to set the private IP address to go out your secondary address.
Did you have a case number for your support case?
- jmizoguchi (Virtuoso): Both the primary and DMZ port will have inbound/outbound rules.
On each rule you should be able to assign the WAN IP, so you should be able to assign those IPs to rules on either side.
- _Mac (Tutor): It seems impossible to do what we want with this router.
We talked to Netgear's support and they could not find a way to do it.
So, we have to give up and return the router and get something else.
- HPATB (Aspirant): Is there a reason why I can only add 24 secondary IP addresses? Is there a way to increase it to 32? 24 seems so arbitrary, and since we have 32 IP addresses we want to use, I'd appreciate the possibility.
- jmizoguchi (Virtuoso): I would say my guess is simply a limitation in the firmware.
Contact support at my.netgear.com
- ecase1 (Novice): I think I can partially answer the OP's question, but only partially :)
I need someone like jmizoguchi to come back and clarify my info, and I also have some related questions to this issue.
Let's say we have 5 WAN static IPs from an ISP (these are just example IPs):
173.115.225.201
173.115.225.202
173.115.225.203
173.115.225.204
173.115.225.205
The ISP issued gateway/modem has a WAN static IP of: 173.115.225.206
All six IPs have the following subnet mask per ISP: 255.255.255.248
The ISP issued gateway/modem has 4 LAN ports. The SRX5308 has 4 WAN ports.
QUESTION:
Is it a good idea or bad idea to connect the gateway's 4 LAN ports to the SRX5308's 4 WAN ports?
Let's say that we went ahead and connected the gateway's 4 LAN ports to the SRX5308's 4 WAN ports.
Someone please come back and tell me if this is incorrect. (One reason that I can think of why this MAY be wrong is possibly because the SRX5308 is designed to have 4 different ISP service connections, not 1 ISP connection using all 4 WAN ports - again, I'm not sure about this...)
In the SRX5308 WAN settings, we make the following IP assignments:
WAN1 = 173.115.225.201
WAN2 = 173.115.225.202
WAN3 = 173.115.225.203
WAN4 = 173.115.225.204
***This still leaves us with one IP unassigned (173.115.225.205) but we'll come back to that at the end.
The initial SRX5308 WAN settings are now all set up (or at least 4/5).
We need to set up the LAN settings now. Let's say our LAN environment consists of 5 major types of devices:
1) Personal Computers
2) Linux VoIP Servers
3) Windows Servers (running core network services such as AD CA, AD DS, DNS, WINS, etc...)
4) Web servers (mix of Linux and Windows)
5) WiFi devices (connected via separate WiFi router, operating only as an Access Point)
We create the following VLAN Profiles in the SRX5308 LAN Settings (not changing the default profile):
| Profile Name | VLAN ID | Subnet IP | DHCP Status | Assigned VLAN Port |
|---|---|---|---|---|
| PCs | 11 | 10.1.11.100 | Enabled | Port1 |
| VoIP | 22 | 10.2.22.100 | Enabled | Port2 |
| WINSERVERS | 33 | 10.3.33.100 | Enabled | Port3 |
| WEBSERVERS | 44 | 10.4.44.100 | Enabled | Port4 |
| WiFi | 55 | 10.5.55.100 | Enabled | Port??? |
As you can see, we didn't assign a default VLAN port to the WiFi profile.
->The reason is because I don't know how... I need help with this part! :) <-
Let's say the SRX5308's four VLAN ports each connect to an unmanaged switch, such as the NetGear GS116 (16 ports). To clarify, we have four separate unmanaged switches, each one connected to its own VLAN port on the SRX5308.
At this stage, the basic/initial WAN and LAN settings are configured.
This next stage is where I partially answer the OP's question.
Setting up a LAN machine to send AND receive traffic on a WAN static IP (via the SRX5308) is done through two separate steps, Part 1 Sending and Part 2 Receiving.
SENDING
On the SRX5308 GUI go to -> Network Configuration -> Protocol Binding.
On this page you can set outbound traffic by service/port, source, and destination to any of the FOUR WAN IPs configured on the SRX5308.
For example, if we want ALL of our SIP (part of VoIP) traffic to go out on WAN2, regardless of source or destination:
Select Add -> Change Service from ANY to SIP:UDP -> Change Local Gateway to WAN2 -> Do not change Source Network from ANY -> Do not change Destination Network from ANY -> Select Apply.
We now have all of our LAN SIP traffic hitting the outside WAN world with the IP address of WAN2 = 173.115.225.202. Okay, I know that was an easy one. Let's try something more challenging, such as setting HTTPS traffic from VLAN profile PCs to a designated hosting vendor, such as Google Apps for Business, to go out over WAN4:
Select Add -> Change Service from ANY to HTTPS -> Change Local Gateway to WAN4 -> Change Source Network from ANY to PCs -> Change Destination Network from ANY to (EITHER) a pre-designated Service Group OR select Address Range and then enter the address range that Google set your domain up with, which you can obtain via your domain registrar's DNS manager site -> Select Apply.
I told you that it would be more challenging :)
BTW, to set up a pre-designated Service Group, available with firmware 3.0.8-12 and later, go to -> Security -> Services -> Service Group.
Google Apps designate multiple IP addresses in the DNS A records when you sign up with them. They MAY BE dynamically assigned, but I have a few domains with Google Apps, and they all have their DNS A records showing the same IP addresses for almost three years (checked today).
Okay, so we covered SENDING. Now on to RECEIVING:
Go to -> Security -> LAN WAN Rules, and review the Inbound Services section. Click Add to add a new rule.
This is where we can set inbound traffic that is directed to a specific WAN (or all WANs) to our choice of LAN machine (or machines).
On the Add LAN WAN Inbound Service page, we can control traffic by Service/Port, Action to take such as Block Always or Allow Always, Send to LAN Server, by WAN Destination IP Address, and by WAN Users (source IP). We can also assign a QoS Profile, Bandwidth Profile, and whether or not to log the action.
That's the basics of setting the IP address for sending and receiving, at least for FOUR WANs and FOUR VLANs.
I still haven't figured out how to use a fifth static IP on the WAN side, or how to connect more than FOUR VLANs at a time. Can someone please follow up with an answer to these two issues for me???
Hope this helps!
Ethan
- jmizoguchi (Virtuoso):
> Let's say that we went ahead and connected the gateway's 4 LAN ports to the SRX5308's 4 WAN ports.
> Someone please come back and tell me if this is incorrect. (One reason that I can think of why this MAY be wrong is possibly because the SRX5308 is designed to have 4 different ISP service connections, not 1 ISP connection using all 4 WAN ports - again, I'm not sure about this...

It is worth trying... theoretically it may work, using protocol binding.
- adit (Mentor): I remember back when we just had the FVX538 and FVS336G as the only multi-WAN routers. We were specifically told not to connect multiple WAN ports to the same ISP router. It has to do with each WAN port having the same default gateway. I haven't heard the question come up since then, since the answer was always "don't do it". If you want to add additional WAN IP addresses for Services in the router, you just create the Inbound Rule and specify the WAN IP address.
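
The address arithmetic behind the shared-default-gateway warning in the last reply, as an added example (not code from any poster or from NETGEAR): a Python check of the example plan from the thread that flags WAN ports sitting on one subnet behind one gateway and lists assigned addresses not bound to any port. The function names, finding labels and plan dictionaries are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed plan: the example addresses ecase1 gives in the thread.
MASK = "255.255.255.248"
GATEWAY = "173.115.225.206"
ISP_ASSIGNED = [f"173.115.225.{n}" for n in range(201, 206)]
FOUR_PORT_PLAN = {f"WAN{i}": f"173.115.225.{200 + i}" for i in range(1, 5)}
ONE_PORT_PLAN = {"WAN1": "173.115.225.201"}


def audit_wan_plan(wan_ports, gateway, mask, assigned):
    """Return (kind, detail) findings for a multi-WAN address plan."""
    gw = ipaddress.ip_address(gateway)
    findings = []
    ports_by_subnet = defaultdict(list)
    for port, addr in sorted(wan_ports.items()):
        iface = ipaddress.ip_interface(f"{addr}/{mask}")
        net = iface.network
        if iface.ip in (net.network_address, net.broadcast_address):
            findings.append(("unusable", f"{port}: {addr} is not a host address in {net}"))
        if gw not in net:
            findings.append(("off-link-gateway", f"{port}: {gateway} is outside {net}"))
        ports_by_subnet[net].append(port)
    # The condition adit warns about: several WAN ports on one subnet all
    # resolve to the same default gateway, so they are not independent uplinks.
    for net, ports in ports_by_subnet.items():
        if len(ports) > 1:
            findings.append(("shared-gateway", f"{', '.join(ports)} share {net} via {gateway}"))
    # Assigned addresses with no port: per the replies, these are reached by
    # naming the WAN IP in an inbound rule, not by cabling another port.
    bound = set(wan_ports.values())
    for addr in assigned:
        if addr not in bound:
            findings.append(("unbound", f"{addr} needs a secondary address or inbound rule"))
    return findings


def kinds(findings):
    """Collapse findings to a sorted list of finding kinds for quick comparison."""
    return sorted({kind for kind, _ in findings})


if __name__ == "__main__":
    for name, plan in (("four ports", FOUR_PORT_PLAN), ("one port", ONE_PORT_PLAN)):
        print(name)
        for kind, detail in audit_wan_plan(plan, GATEWAY, MASK, ISP_ASSIGNED):
            print(f"  [{kind}] {detail}")
```

With the mask from the thread, all six addresses fall in 173.115.225.200/29, so the four-port plan reports one shared-gateway finding and leaves 173.115.225.205 unbound.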