New BT line
We have our new BT line ready and installed. They have supplied us with a router and now I've got to setup the firewall
Firewall is a palo alto 500. I have to give the palo interface address and set them to layer 3 for nat.
I'm a little confussed on what ips to give it. I'm I right the Internet port on the palo needs an address in the same rang as the BT router and the LAN needs an ip in the same range as my local LAN? Then the local LAN ip on the palo becomes my default gateway?
I'm I on the right track??
Then with the NAT add the rest of the pool of external address into the pool and point them to the local lan ip?
What size subnet have you been given from your broadband provider?
You should have a inside (internal network) and outside (BT subnet) IP on the firewall, you might then assign a single IP for PAT. You should set your fw to be the default gateway on your network, well, you don't have to... it depends on your network setup, it's a bit of a horses for courses and what you have in place.
If you've only been given one address, the router should play 'dumb' and the firewall should be your clients default gateway (depending on layout) but not have an 'outside' address.
We have been given a 10 external ips one has already been given to th BT router
Subnet is 255.255.255.240
So do I give another one to the port on the firewall tht connects to the router from the BT range? Then on the that LAN port on the firewall one from out local range?
Yes, and the firewall having an IP on both ranges - your clients would point to it (if on the same range as the firewall, i'm guessing so).
Thanks, sounds like a plan then,
Ill have a read up about NAT
NAT isn't so bad, if you're totally knackered pm me and i'll check it when i can.