Hi all, I’m trying to get a concrete understanding of whats possible when it comes to using multiple FMB’s behind an enterprise network.

We have a limited number of public IPs available (under 30). That makes 1:1 NAT not feasible, as we intend to have well over 30 FMBs on the network.

I was hoping to be able to use a single external IP address, and use port address translation like this:

4.4.4.4:50060 -> 10.0.0.1:50050
4.4.4.4:50061 -> 10.0.0.2:50050
4.4.4.4:50062 -> 10.0.0.3:50050
4.4.4.4:50063 -> 10.0.0.4:50050

… and so on. When I ran a quick test at one point it seemed to work fine. But our latest test did not. Is there a way to specify alternate ports to use?

Is there a recommendation on how this can be made to work?

Thanks much,

David

What you intend to do is realized automatically by your NAT – it assigns different outbound ports for each FMB. The first one will receive port 50050 but the next ones receives either increments of 50050 or random ports depending on your NAT. This, however, is no problem because SJ will recognize the specific port and use the new one instead. However, port forwarding does not work for multiple peers so make sure that your NAT is not too restrictive.

[Author]

Posts