IP to use in Drop-in Mode when Firewall is getting public IP address


#1

LAN-----Firelwall-------modem----ISP

WAN of firewall has public IP address

I would like to insert a peplink between firewall and modem in drop-in mode. Should I be using same public block IP address for Peplink?
If ISP is not giving out additional IP address, any other workaround?


#2

Yes , you need to set an IP address from the same public range on the Peplink and no other configuration needs to be changed and your Firewall can keep the default gateway setting.


#3

I tried to ask info from the ISP the below was given:

IP Address: 202.1.200.200 (for sec reason true IP was changed)
Subnet Mask: 255.255.255.255

I notice that the firewall WAN IP has that IP so maybe the modem is in bridge mode???
The subnet mask suggests to me that there is only 1 public IP address on this block, and looks like the firewall WAN interface is doing the PPPoE? Or I am not even sure whether this is PPPoE.

any ideas???


#4

I think you’ve assigned a single Public address from your ISP and if your firewall gets this IP address , your modem is in bridge mode.
you may need to ask your ISP to give you a block of 4 public IP address for drop-in mode to work.

Hootan


#5

This is not good to hear… that public IP is also tied to the MX of their mail server hosted inside their corp network so hmmm… I hope that wont be messed up their ISP will proceed to give them extra IP address.
thanks hootan… if any other work around or way of getting this done pops up, pls let me know.


#6

Yes , you’re right the IP address may change if ISP wants to assign a new block. you may need to change the MX related records.

Hootan


#7

Thanks Hootan.

Can we do something like this.

ISP----router/modem-------firewall----LAN

The router/modem is set to Router/NAT mode. WAN port of this modem will carry the public IP address. It’s LAN port and WAN port of the firewall will have private IP address.
Then set this modem DMZ (all traffic) towards the private WAN ip address of the firewall.

Then insert Peplink in between using the same block of private IP address used by modem LAN and firewall WAN ports.

Do you think this will do as a work around?


#8

This solution also works fine. in fact you’re creating a DMZ to forward all traffic and then a NAT Mapping on the Peplink to forward again to the firewall.
This will work fine. the drawback is just that you would not be able to assign Public IP address to your firewall.


#9

I was told that with the latest firmware 6.1.x, additional static public address is no longer required in drop-mode?
I cannot see any document that talks about this.
So how does the set-up works now?


#10

You can click the question mark next to “Drop-In Mode Settings”, and you can see a link to enable “share Drop-In IP”. Regarding the “Shared IP Address”, you need to enter one of the IP address that you are using behind Peplink (such as your firewall Firewall)


#11

found it, thanks Lai.


#12

Thanks Lai, I found it.