Before starting the basic configuration of the Ecessa device, it is important to decide which mode will be utilized. There are three main methods for installing an Ecessa device, Routed Mode, Translucent Mode, and NAT Mode. Use the below summaries to determine which mode is best for your company’s needs.
Routed Mode is a semi-transparent option where the network equipment directly behind the Ecessa device continues to have an IP address from the WAN subnet configured on them. Routed Mode usually requires the least amount of configuration changes to the existing network equipment (the existing firewall, etc.) and can minimize the amount of network downtime during the actual installation process. It is also dependent on the below criteria. There are two different ways to implement Routed Mode on the Ecessa. The first is:
- Existing WAN subnet mask is at least 29 bits (/29 or 255.255.255.240)
- Existing WAN has four contiguous addresses that fall within a /30
- The gateway address on the firewall or the actual gateway device address can be changed.
However, these requirements make inefficient use of available IP addresses and creates difficulty in completing changes to the WAN subnet mask information in the future (for example, if you change ISPs or receive a new subnet from them).
The second way is:
- The ISP gives you two blocks of addresses: a /30 or a /29, and a second of varying size.
- The ISP uses the /30 or /29 to route the subnet of varying size to an IP that you assign to the Ecessa, and then we configure the subnet of varying size on the LAN of the Ecessa.
Translucent Mode differs from Routed Mode in that only a single IP address from the routed WAN is needed by the Ecessa device. In this configuration both the WAN and LAN are configured with the same IP address. When available, Translucent Mode is preferable to Routed Mode because it uses only one address and can minimize or eliminate firewall and gateway changes (version 8.0 of firmware of later is required to use this mode).
NAT Mode is a technique similar to a traditional firewall. The WAN subnet mask is configured on the outside interface of the Ecessa device and all network equipment directly behind the Ecessa device has an IP address on a private network. NAT Mode does not have any special requirements and lends itself well to ISP changes. However, there are more configuration changes at the time of installation including modifying existing network equipment settings (IP information and rules sets) to reflect the new private network of the Ecessa device’s LAN.
In many networks, all three options would be suitable, and it simply comes down preference. If there are any questions about which technique should be used, refer to our help page, contact Ecessa Technical Support at firstname.lastname@example.org, or call 763-694-8875.