
Public IP-Addresses configured as aliases on external Iface.


Hi,

Customer has a public IP-Address segment and they want to use those ip addresses to publish internet services to be accessed from Internet.

Customer has the following scenario.

External Iface:  x.x.x.130/25  so they are able to use from x.x.x.130 to x.x.x.254

They want to use their public IP address range from IP x.x.x.140 to IP x.x.x.145 to publish services to be accessed from the internet, and then redirect that traffic to an internal server, which is the application service or HTTP web server, etc.

So, for doing this on the McAfee Firewall running version 8.3, is it as simple as adding those IP addresses (one by one) on the external interface as alias interfaces and then creating and configuring the rules as follows:

App: http

Source Iface: External

Source: Any

Dest Iface: External

Destination: x.x.x.140 (which is an alias IP configured on the external iface)

Redirect Address: Internal_server_IPAddress

Thank you !

1 Solution

Accepted Solutions
PhilM

Re: Public IP-Addresses configured as aliases on external Iface.

Yes Alex, that's pretty much it.

It is necessary to add the IP address as an alias on the interface screen and create a network object to be used in the rule. If I encounter any issues with my customers it is that they have created the network objects (so the rule looks OK) but forget to add the alias address on the interface.

Another potential scenario is if you have (let's say) 5 public IPs and 5 web servers on your internal LAN. You can create 5 individual rules, but you can also make use of the Netmap object. You define your IP address objects for the respective internal and external IP addresses and then create a Netmap object (mapping external addresses to their corresponding internal redirects). Though I haven't done this myself for a while, I believe you then use this Netmap object as the destination value in the rule and it will then automatically use the mapping in place of the redirect host value. This consolidates the 5 rules you would have previously created into a single rule.

-Phil.
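
A pre-deployment check for the failure described in the answer above (rule objects exist, alias missing on the interface), as an added example that is not part of the original thread and not McAfee tooling. The addresses come from documentation ranges and are constructed, the function names are hypothetical, and `build_netmap` only models the external-to-internal pairing, not the product's Netmap object.

```python
import ipaddress

def audit_redirects(iface_cidr, aliases, rules):
    """Return (rule_name, problem) pairs for redirect rules that cannot match."""
    iface = ipaddress.ip_interface(iface_cidr)
    usable = set(iface.network.hosts())  # excludes network and broadcast addresses
    configured = {iface.ip} | {ipaddress.ip_address(a) for a in aliases}
    findings = []
    for name, dest, redirect in rules:
        dest_ip = ipaddress.ip_address(dest)
        if dest_ip not in usable:
            findings.append((name, "destination outside external subnet"))
        elif dest_ip not in configured:
            # The rule looks fine, but the firewall does not own this address.
            findings.append((name, "alias missing on external interface"))
        if ipaddress.ip_address(redirect) in iface.network:
            findings.append((name, "redirect address is on the external subnet"))
    return findings

def build_netmap(rules):
    """Collapse per-address rules into one external -> internal mapping table."""
    netmap = {}
    for name, dest, redirect in rules:
        if dest in netmap:
            raise ValueError(f"{dest} mapped twice (rule {name})")
        netmap[dest] = redirect
    return netmap

# Constructed sample data: external interface .130/25, aliases .140-.144
# (.145 deliberately forgotten), one rule per published address.
EXTERNAL = "203.0.113.130/25"
ALIASES = [f"203.0.113.{n}" for n in range(140, 145)]
RULES = [(f"web-{n}", f"203.0.113.{n}", f"10.0.0.{n}") for n in range(140, 146)]
RULES.append(("web-bad", "203.0.113.20", "10.0.0.20"))  # wrong half of the /24

if __name__ == "__main__":
    for name, problem in audit_redirects(EXTERNAL, ALIASES, RULES):
        print(f"{name}: {problem}")
    print(build_netmap(RULES[:6]))
```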

Re: Public IP-Addresses configured as aliases on external Iface.

Hi Phil,

Thanks for your input.

Is there a limit for alias interfaces? Customer wants to enable around 105 IP addresses for different services.

Thank you.

sliedl

Re: Public IP-Addresses configured as aliases on external Iface.

105 addresses will be fine.
