I've read a few things indicating that when you have a static IP block, you *have* to use an SMC modem-plus-gateway and cannot use a modem-only device. While I have yet to come across a good, technical reason for this restriction, it does raise some questions.
If as a customer I have, say, a 13 static IP address block, and I want to host 13 servers, with each server protected by a firewall of my choosing, that would require 13 firewalls to host 13 servers with 13 IP addresses configured on each firewall. However, if I could have a modem-only device (without the gateway component), I could use a single firewall as the gateway and host the 13 servers with much less equipment and with just as much security.
So what's the best way to go about this as a customer? How can I set up a network, use all of my static IPs, and not be overwhelmed with the number of routers that are (apparently) necessary for the task? Is this just not possible? How do others go about using their many static IP addresses?
You could use a software firewall on each of them.
I'd personally prefer to use a cisco w/ ios* vs the smc, but haven't figured that out.
* one reason is so I can syslog denied packets to my loghost. If the smc can do that,
those bits are hidden from us
Basically. Not only better logging, but maintenance, security, VPN configuration, there's many benefits to a good firewall. And considering the level of access the consumer has to a Comcast modem (essentially none), it's not out of the question that some businesses would need a better solution.
But your answer of "use a software firewall" sounds to me like a shrug, that there is no option that would adequately meet the customer's needs. Do you happen to know what technical limitations exist (if any) that prohibit modems from operating correctly with a business account with static IPs?
Welcome Patrick. It is possible to assign multiple static IP's to your firewall. While the configuration of the firewall is beyond the Comcast dmarc here is a link to a Cisco document that provides some information on the topic. These steps are basically the same for other network appliances. If you will send me the info on the type of firewall I will locate the manufacture specific details.