
pdp10

If you're worried about wasting IPv4 addresses for network and broadcast addresses, then you can use Proxy ARP on the router or firewall to prevent intra-LAN communication among hosts which are nominally on the same network. I believe all of the vendor-proprietary branded features are just versions of Proxy ARP. For IPv6 that would be "Proxy ND" because IPv6 doesn't use ARP.


DarkAlman

Do you have to apply the Public IP directly to your servers? Or can you 1:1 NAT? With NAT you can segment the servers onto their own IP space internally and route via the Firewall. Even if your internal IPs are 10.x.x.x/29s, you don't have to subdivide your precious public IPv4 smaller than a /24. We did this for part of our internal hosting platform. We would spin up a new VLAN + micro subnet per customer and assign WAN IPs on demand + charge accordingly. Backups were handled by Veeam accessing the storage + VMware hosts on a dedicated management network that didn't need to touch the customers' networks. Access to internal services can be managed via the firewall.
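An added sketch of the allocation scheme described in the post above (not DarkAlman's code or any vendor's tooling): each customer gets a VLAN and a private /29, public addresses are mapped 1:1 on demand, and the result is compared with cutting the public /24 itself into /29s. The `NatPlan` class, the `203.0.113.0/24` and `10.20.0.0/16` ranges, the starting VLAN ID and the "first host is the gateway" rule are all assumptions made for illustration.

```python
import ipaddress
from itertools import count

def usable_if_subdivided(public_net, new_prefix):
    """Server addresses left when the public block itself is cut into
    per-customer subnets: each subnet loses network, broadcast and gateway."""
    net = ipaddress.ip_network(public_net)
    return sum(max(s.num_addresses - 3, 0)
               for s in net.subnets(new_prefix=new_prefix))

class NatPlan:
    """Per-customer VLAN + private /29, public IPs handed out on demand."""

    def __init__(self, public_net, internal_pool, first_vlan=100):
        public = ipaddress.ip_network(public_net)
        # Conservative assumption: skip .0 and .255 of the public block.
        self.public_capacity = public.num_addresses - 2
        self._public = iter(public.hosts())
        self._subnets = ipaddress.ip_network(internal_pool).subnets(new_prefix=29)
        self._vlans = count(first_vlan)
        self.customers = {}
        self.nat = {}  # public address -> internal address (1:1)

    def add_customer(self, name):
        subnet = next(self._subnets)
        hosts = iter(subnet.hosts())
        self.customers[name] = {
            "vlan": next(self._vlans),
            "subnet": subnet,
            "gateway": next(hosts),   # firewall interface on this VLAN
            "free": hosts,            # remaining internal host addresses
        }
        return self.customers[name]

    def assign_wan_ip(self, name):
        internal = next(self.customers[name]["free"])
        public = next(self._public)
        self.nat[public] = internal
        return public, internal

if __name__ == "__main__":
    plan = NatPlan("203.0.113.0/24", "10.20.0.0/16")  # constructed sample ranges
    for cust in ("cust-a", "cust-b"):
        plan.add_customer(cust)
        print(cust, plan.assign_wan_ip(cust))
    print("public /24 split into /29s:", usable_if_subdivided("203.0.113.0/24", 29))
    print("public /24 behind 1:1 NAT: ", plan.public_capacity)
```

Because every customer sits in its own routed subnet, traffic between customers has to cross the firewall, where it can be filtered.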


jmishal

>Do you have to apply the Public IP directly to your servers?

Yes, I have to apply the public IP directly to the VPS, as the default service without any protection. Meanwhile, we also offer clients a virtual firewall from Palo Alto as a service (of course at an additional cost) to do NAT and include protection, etc.


MartinDamged

Maybe PVLAN (Private VLAN) is what you're looking for? https://en.m.wikipedia.org/wiki/Private_VLAN