I have a Watchguard XTM 8 series firewall, and it is set up in mixed routing mode. I have a /24 public IP range and I want to pass one of those IPs to another interface on the firewall WITHOUT using NAT – because I want to connect a Cisco router to it to do VPN Clients for Macs, which won't work behind NAT. Is there any way to do this? I cannot figure it out for the life of me.
Watchguard Firewall – bridge a public IP to another interface
Best Answer
As they have a separate bridge feature that you need to configure - and you can't configure it to bridge external interfaces - I'm not too surprised it doesn't know how to deal with overlapping subnets configured on two external interfaces.
If you have a switch on the external side of the Watchguard, you could connect the Cisco router to it and they would both be in the same /24. You would lose having it behind the Watchguard, but that doesn't sound like a lot of change in security.
Otherwise, I think you need to look at drop-in mode.
The Watchguard SSL VPN client is available for Mac, too.