2 Replies Latest reply on Jun 12, 2007 8:04 PM by Dan Fitzpatrick

    NAT Firewall

      We have several servers hosted by a 3rd party. I have just been informed that due to a clash with another subnet that is now part of out network, they are planning to use NAT Firewalls to avoid conflicts.


      Currently all the servers are on the 10.136. subnet, but the plan is to NAT them at their end so that they appear to belong to the 10.240 network although the servers will still be on the 10.136 network on the other side of the firewalls


      Am I likely to hit any problems with this and, if so, how to I go about mitigating them?

        • 1. Re: NAT Firewall

          Forgive me of my limited networking knowledge, but I'm pretty sure as long as those servers can still be resolved by DNS and you can connect to them over port 4750 post-NAT firewall change, all you would want to do is run an Update Properties Job to ensure connectivity and you should be good to go.

          • 2. Re: NAT Firewall

            greg, you are correct. however, there is a very important distinction which needs to go in there...


            the dns records here are key and may result in two sets of records for the same set of servers depending on name resolution requirements. consider, for example, that the appserver is in subnet A while the targets are in subnet B. if you need the servers within subnet B to be able to resolve eachother by name, then you'll need DNS entries for that subnet. however, in order to execute jobs from the appserver (residing in subnet A), you have to have another set of DNS entries for the appserver to use.


            this results in two sets of records for the same servers, depending on where the queries are being executed. those in subnet B will resolve to the actual IP, while requests from subnet A will result in the NAT'ed address.