I’ve been having some real ‘fun’ with this today – with a /29 range you would expect to be able to configure an X550e with XTM 11.1 to be able to listen for incoming SSL connections on only 1 IP address – especially as the configuration screen for the SSL asks which address to listen to… but no – it will listen on all, regardless. All I wanted to do was NAT 443 on the next available public IP to a server in the DMZ, but no – SSL grabs the connection first.
I even tried amending the auto-created SSL rule to replace the ‘firebox’ under To to only listen to the IP I wanted. But no – the damn thing listens on all. Call currently open with WatchGuard whilst I scan the change notes in the later versions…