Showing results for 
Show  only  | Search instead for 
Did you mean: 

External Interface Setup

I would like some clarification on how to setup the External interface for use with our CIDR block from Cox.  They gave us an IP and gateway and then gave us a CIDR block to use for our public IP's.

Here is what they gave us (IP's changed for security):

WAN Address

WAN Netmask

WAN Gateway

Customer CIDR Network

Customer CIDR Netmask

Number of hosts: 13

Suggested Default Gateway

First Useable

Last Useable


So for the External interface do I give it two IP's, and with a static route to

Or do I need to give it the WAN IP of and static route of and then also assign each individual Public IP from the CIDR block like,, ...

4 Replies

Re: External Interface Setup


For the second list I think these are your public IPs. They have given you a /28 which means you have 16 addresses.

1 goes for the network

1 goes for the broadcast

1 goes for the router

which leaves 13 and this ties up with the list.

Now you need to be able to route in and out of the this mini network so you need to tell this router for this mini network that it's upstream gateway is This would mean puting another IP on the external interface of the router so it's on the same network as the gateway (

I think they are expecting you to put a router on your end of the CIDR rather than a firewall with the firewall being behind your router and protecting your internal network.

I'm not sure if you can get MFE to pretent to be a router, but I think you need somekind of router in the mix to make this work.

I might be talking nonsense and you've got this all working - if so I'd love to hear the explanation of how you got it working.


Re: External Interface Setup

This is what I received from tech support:

"Yes, thesecond option to have indivudual IP's for 69.110.175.x as alias ip's ,  as WAN IP and staticroute to will work here. Usually, COX will be having therequired routing for both the subnets in its upstream router to pass the traffic."

I haven't tried it yet so I guess we will see.  When it gets cut over I will update this thread and let you know what we had to do.  I would think you could go right from the cable modem to the firewall but who knows.

Message was edited by: grinder on 3/28/13 4:44:15 PM CDT

Re: External Interface Setup


Just for giggles I tried the following.

Clean MFE virtual machine with two interfaces in a test lab.

external interface :

internal interface :

Turned on allow ICMP echo response so I could ping the external LAN.

Test virtual PC with IP and set it's default gateway to be Could successfully ping the external interface (yup I know, does not need the default gateway for this).

So far, so good nothing special here.

Added alias IP to the external interface - notice this is on a different subnet (a bit like your CIDR allocation).

I could then ping from the virtual PC. I guess it must have been routing to the firewall and the MFE knew what to do when it arrived at it's interface.

I think this will work okay.


Re: External Interface Setup

... but don't forget to let us know when you make the switch over.

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community