IP address ranges and comments

[stevebone]

This may be a stupid question, but can Firewall-1 allow IP address ranges through, and comments about these connections? We are looking at purchasing a new firewall, and are considering Firewall-1, but it has to meet this criteria.

Thanks

 

[Piloria]

we have 2 address ranges on our firewall
one has the external ip address of the firewall
the other we use for DMZ servers
as long as the external router routes to the firewall as the next hop then the firewall can handle multiple ranges.

appart from that the firewall works just like a router

 

[stevebone]

Sorry, I meant to ask if I could allow IP address ranges through from external sites without using NAT?

Thanks %-)

 

[Piloria]

explain - ???
are you looking to allow external ip addresses to be passed to your servers without being changed - that should happen.

i am not sure what you are asking but nat is usualy used to hide private address ranges

 

[stevebone]

I work for an NHS Trust Hospital, a number of our GP practices need acces to our network, and we wish to allow their range of IP address access without having to create individual rules for each one (because they are using DHCP). With our current firewall, we have to specify each incoming IP address, and their access. Hope this is clearer

 

[Piloria]

if you create a network object
(contains ip address and subnet i.e 192.168.1.0 255.255.255.0)
you can define the ip range it is covering and this object can then be used within the rule base
so you can have a rule covering a network range
you can also create a group object that contains a number of network objects and use this group object

so in answer - yes you can

 

[stevebone]

Thanks very much!