Here are some tips from my experiences of trying to get a 3rd party hardware firewall working with NO NAT5.
You’d have thought you could just plug the BT Infinity Modem directly into the WatchGard Firefox firewall and configure to connect with PPPoE authentication. Wrong! Because of the way NO NOT5 works, you get a dynamic IP (I believe its called your PEER address) and then some transparent routing happens on BT’s network which maps your statically assigned IP’s to your peer addresses.
IP Address details for the following examples
This is what I did to get it working in my configuration…
1) Make sure you update your username and password. When I initially logged into this router the PPPoE username was green-light@service.btclick.com, password was unknown. This must be the username and password sent to you by BT (either by email, post or both).
The other thing you need to do at this stage (which took me call to BT Business Support to find out!) was you need to tick “Add Additional Network” and add your network details. The number I put in “Router Address” was labelled “router / Hub address” in the documentation I received from BT.
2) Next, I connected the port 0 on the WatchGuard Firebox firewall (configured as an External interface with a static IP which fell within our static IP range assigned by BT) to a LAN ethernet port on the BT Business Hub
3) Went to Settings -> LAN -> NAT & Address Allocation and check the device had been noticed by the Hub and that the WAN IP Mapping said Public Fixed : n.n.n.n
As this point, it wasn’t working….. but then magically started working ( I think it takes a couple of minutes for things to settle down).
Good luck!