Hello everyone!
I need some assistance/advise from the UBNT Rock Stars around here.
I have a client whose Security/DVR setup appears to have been designed in the stone age. The vendor for the DVR equiptment is being very rigid and will not change or budge on the network config. The client has been with them forever and is not willing to force the issue. So it looks like I'm the one who gets to be flexible... or breakable.
Here's the deal - they have a /28 from the ISP and are using just about all of the 13 IPs running through a Fortinet in 'Transparent Mode'. The Fortinet died and I'm trying really, realy hard to get them into an ER-8.
The way it's set up now - 7 or 8 DVR machines (PCs) are all connected to a dumb switch and the switch is connected to the Fortinet. The DVRs are all set up with Static IP addresses using the ISPs Public IP address block. Example below:
ISP Gateway: 50.1.1.1
Fortinet: 50.1.1.2
DVR1: 50.1.1.3
DVR2: 50.1.1.4
etc, etc, etc.
There is NO 'internal' network. Everything is static, and using the public IPs.
Their security company can then use the public IPs and connect directly to the DVR they need and do whatever it s they do. They've had this setup in place forever, and like I said, are unwilling to make netowrk changes because thier vendor is not being flexible (or in this centtury for that matter).
Trust me, I know the multitude of reasons why this isn't a good idea, not secure, yada, yada. I'm trying ot help out an elderly office building owner and get him out of a jam. I remember back in the day connecting a dumb switch directly to a Covad wireless T1 router and setting up machines in the 'DMZ' and it worked great! IT looks like they don't build circuits like that any more and you can't just connect a dumb stich to the ISPs router any more ( I tried).
So, to my question... Is there a configureation for the ER-8 that will allow me to keep this guys current setup? I know it's been called 'Transparent Mode' or 'Transparent DMZ' depending on the vendor, but i haven't been able to find much on the forums. I found some older stuff that stated it was not avaialable YET, but those posts were 2-3 years old now.
Any help you can give, is greatly appreciated!
-Rob