Domain Names/Static IP
Back to Top

Staic IP's and routing through 3rd party Firewall

SOLVED
Highlighted
wililupy
Visitor

Staic IP's and routing through 3rd party Firewall

Hello,

 

I noticed that one of my servers on my external static IP is constantly being bombarded with DDoS attacks. As soon as I take that server offline, the attacks stop and I can then connect to the internet successfully again.

 

Becuase of this, I decided that I am going to get a 3rd party firewall (Palo Alto PA-220) and use that to help remediate the DDoS attacks. However, an issue that I feel may happen is that I won't be able to use this firewall to manage the external IP address ranges becuase those are handled by the Cisco Gateway device that is provided by Comcast. 

Talking with their Level 3 enginieers, they said that they do not support any other modem since the routes for the static IP's that I use are hard coded in that gateway that they provide me.

 

The question I have is if I were to change the router IP address from x.x.x.62 (my external gateway address) to say x.x.x.61, which would be the PAN, and then have the PAN's next hop be x.x.x.62 and then use the NAT in the PAN to handle the external IP's, would it work, or will I end up with IP address conflicts since the Comcast gateway handles these addresses?

Has anyone set anything like this up before where all routing was handled by a 3rd party firewall/router with static IP's provided by Comcast hardware? 

 

Accepted Solution

Re: Staic IP's and routing through 3rd party Firewall

I am not able to advise on how to set up your personal network or devices as that would be past the Comcast Business demarcation policy. You're definitely able to reach out to the manufacturer of the device or any other community member is also welcome to reply with their feedback as well. 

 

Please let me know if you need anything.

View solution in context
Official Employee

Re: Staic IP's and routing through 3rd party Firewall

Hi wililupy.

 

Sorry to hear about your DDoS issues. It's true that you would have to use a leased gateway for a static IP address. It would need to be provisioned from Comcast Business so we are able to log into the interface remotely and manually load the static information. 

 

I wouldn't recommend changing the external IP address in your leased gateway. The end address (I assume in your would always be used for the gateway itself as the usable range is set for your personal device/network. 

 

Please let me know if you need anything.

wililupy
Visitor

Re: Staic IP's and routing through 3rd party Firewall

I wasn't going to change the Gateway's external gateway, what I am thinking of doing is changing the gateway on my email server to point to the PAN's external IP address (x.x.x.61) and the PAN's next hop is the Gateway's external address (x.x.x.62).I tested this with a cheap sonic wall firewall just for testing, which it does work, but I was blocking all traffic just to test and then turned off all firewall and allowed all traffic through and it was working, so I may just go with this unless you have any other ideas as to how to best secure up my external IP's?

Trying to use the gateway's interface for this it is almost like an all or nothing type of setting which doesn't work with my email server since I use IMAP and SMTP and also has a web front end for employees to be able to connect if they don't have the client installed on their devices. 

 

How do other business customers acheive this?

 

Thanks,

Luke

Official Employee

Re: Staic IP's and routing through 3rd party Firewall

I am not able to advise on how to set up your personal network or devices as that would be past the Comcast Business demarcation policy. You're definitely able to reach out to the manufacturer of the device or any other community member is also welcome to reply with their feedback as well. 

 

Please let me know if you need anything.

Community Manager
Community Manager
Moved:

Re: Staic IP's and routing through 3rd party Firewall

Discussion stats
  • 4 replies
  • 838 views
  • 0 kudos
  • 3 in conversation