In some cases, you may need multiple IP addresses on a single network interface, for example to host multiple services running on the same port behind the firewall. For each private IP address on the instance, an Elastic IP address is associated. The maximum number of private IP addresses depends on the instance type.
Before You Begin
- Deploy a firewall instance in AWS. For more information, see Amazon AWS Deployment.
Step 1. Add Private IP Addresses to the Network Interface
Depending on the instance type, you can add multiple additional private IP addresses to the network interface.
- Log into the AWS console.
- Click Services and select EC2.
- In the INSTANCES section of the left menu, click Instances.
- Select the firewall instance.
- In the Description tab for the firewall instance, locate the Network Interfaces parameter and click on eth0. The Network Interface eth0 popover opens.
- Click the Interface ID. The filtered list of network interfaces is displayed.
- Right-click the network interface and select Manage IP Addresses.
- Click Assign new IP
- (optional) Enter a unique Private IP. Leave empty for a free IP address in the subnet to be automatically assigned.
- Click Yes, Update.
Step 2. Create and Associate Elastic IP Addresses with the Private IPs
- Log into the AWS console.
- Click Services and select EC2.
- In the Network & Security section of the left menu, click Elastic IPs.
- Click Allocate new address.
- Click Allocate.
- Click Close.
- Right-click the new elastic IP address and select Associate.
- Select the instance and private IP address:
- Resource Type – Select Instance.
Instance – Select the firewall instance from the list
Private IP – Select the secondary IP address added in Step1 from the list.
- (optional) Reassociation – Select the check box if the Elastic IP Address is already associated with another instance.
- Click Associate.
Step 3. Add the Additional IP Address as Virtual Server IPs
Add the custom private IP addresses of both firewalls for the additional network interfaces to the virtual server IP addresses. If multiple IP addresses are used in a High Availability cluster, you must add both the private IP addresses from the primary and the secondary firewall as a virtual server IP address.
- Log into the firewall
- Go to CONFIGURATION > Configuration Tree > Box > Virtual Servers > S1 > Server Properties.
- Click Lock.
- In the Additional IP table, click + to add the additional private IP addresses.
- Click Send Changes and Activate.
The firewall instance is now reachable through multiple public IP addresses.
Next Steps
Adapt access rules to use the additional private IP addresses.