We're upgrading our firewall from Cisco RV042 to Netgears SRX5308, and we need to do setup the LAN4/DMZ port to handle a RANGE of static IP numbers.xxx.xxx.xxx.10 -> xxx.xxx.xxx.20We just want the called servers (with static IP no's) to go right through the Firewall, to be handled by the servers firewalls.1) Can it be done?Just bought it friday... If not, what should we use instead?2) If so, HOW?Thank's a million - do need to say we need answers asap? ;-)

I am not sure how far you got in setting up your SRX5308. It sounds like you are trying to do static routes? Were you not needing NAT at all on this unit? The classical routing should be easy to configure and you can have the IP address directly on the server: Page 33 http://www.downloads.netgear.com/files/GDC/SRX5308/SRX5308_RM_22Nov2011.pdf If you are needing NAT/Private IP address network, I would recommend setting the unit up with the WAN interfaces with secondary IP address, covered on Page 41-42. Once the secondary IP addresses are configured, you can configure the inbound and outbound firewall rules to for the secondary IP address, covered on Page 82-95. http://www.downloads.netgear.com/files/GDC/SRX5308/SRX5308_RM_22Nov2011.pdf

We have 16 static IP addresses. One of these are used for NAT, the rest are used for servers (mail, web, dns).We want to set up LAN1 with NAT for our local network and LAN4 as a DMZ port for our servers. The servers are using static IP addresses from our assigned range and the router should just let them through to the DMZ port. This is the way our old router is configured.The DMZ setup can only use NAT so that is out of the question.It seems to be impossible to route one static address to LAN1 via NAT and the rest straight to LAN4/DMZ without conflict. That was at least what I was told by Netgear's support. I was also told that all Netgear routers and fire walls are the same in this regard.Does anyone know a way around this or do we have to send it back and get a router of another make?Another thing I found, or rather did not find, was IPV6 support.Any suggestions?

There is an option to run a one-to-one nat where you can set a secondary address to point directly to a private IP address and use an outbound rule to set the private IP address to go out your secondary address.Did you have a case number for your support case?

both primary and DMZ port will have inbound/outbound rules.on each rules you should able to assign the WAN IP which you should able to assign those IP to rules on either side.

It seems impossible to do what we want with this router.We talked to Netgear's support and they could not find a way to do it.So, we have to give up and return the router and get something else.

SRX5308: How config multiple static IPno's?

13 Replies

ecase1
Novice
Oct 26, 2012
Thanks adit! I've got a followup question for you :)
Btw, I have connected all 4 WAN ports of the SRX5308 to an ISP's gateway (an SMCD3G from Comcast) and attempted production enviroment for six months. The network experience was not great, but your feedback made me think of a possible workaround.
If the SRX5308 WAN ports cannot connect to the same gateway address, what if:
*On the gateway I enable dhcp with a range of only 1 assignable ip address
*On the srx5308 WAN2 settings I set it up with a "static" ip address of the sole assignable ip address on the gateway?
Obviously this would need to be worked out further, and I still haven't solved the problem of acquiring outbound static wan ip addresses for WAN3 and WAN4 on the srx5308, but it's something, right? Or no...?
The problem with only being able to assign INBOUND traffic based on static wan IPs, but then not being able to assign static wan IPs to OUTBOUND traffic, is that this creates an asynchronous environment which results in dropped packets!
For example, if establishing a secure connection to a vendor's website, many problems come from receiving packets on one ip but then replying from another ip. And what about ip whitelisting?
Thanks in advance for any help.
jmizoguchi
Virtuoso
Oct 26, 2012
And what about ip whitelisting?

Prosecure UTM is what you want.
adit
Mentor
Oct 27, 2012
1 ISP router = 1 WAN. Else you will have problems. Read my Multi-NAT tutorial.

Forum Discussion

SRX5308: How config multiple static IPno's?

13 Replies

Related Content

SRX5308 Multiple Public IP

SRX5308 and dvr's with multiple public ip

RBR760 MULTIPLE ISSUES

Bridge 2 Networks with SRX5308 Help

Multiple SSIDs

NETGEAR Academy

ProSupport for Business