Hi all,
My question is about the IP addressing of an external interface of a firewall. It is obvious to use public IP addresses on the external interface. However, I need to know why. That is, what would happen if I were to use a subnet from private IP address space on the external side of the firewall? This question comes from the requirement of having two ISP connections on the external side of my firewall, which has got only one NIC for the external side. I have got two public IP address subnets assigned by two different ISPs. One solution would be to use those public IP addresses on the external side, in which case the NIC of my firewall is going to have a secondary IP address. However, if I were to use a subnet from private IP address space, and do the NAT on the firewall (Checkpoint Express by the way) for the public IP addresses, I would only need one IP address on the external interface of the firewall. So, what do you suggest/think for the IP addressing of the external interface?
Thanks!