Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 4 replies
  • Answers 2 answers
  • Subscribers 27 subscribers
  • Views 4823 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to make a Internal IP available for people outside our network?

Amelia Enslin1

Hi there Guys, 

 

Im new in the Windows world, which means im new to Sophos Firewall aswell. We have a windows 2012 server and that server can be accessed with a hostname outside our network. I want to add another ip on our firewall that can be access outside our network.

 

What i have done so far:

1) On our server given the IP a hostname= 192.168.1.2 is now internally accessible through accfin.fvln.co.za:8080

2) On our XG125  opened ports 80,443,8080.

3) Set Source Zone to be WAN

4) Destination to be our Port 2 (which is our broadband internet port)

5) Forwarded to the IP above which is 192.168.1.2

 

What I need to accomplish is we have a java server running where clients outside our network needs to access this server via die hostname we assigned to the server

 

But i still cant access this outside our network, what else needs to be done? 

 

With linux its easy using a Bind Server and adding a zone at your ISP, but im really having a hard time with this one.

 



This thread was automatically locked due to age.
Parents
  • 0

    Hi Amelia,

    Configure Sophos XG as a DDNS server, refer to, https://community.sophos.com/kb/en-us/123126

    Then use the defined hostname and the port to access the server. If you are trying to access the internal server via RDP, then add port 3389 TCP to the services group you named as WEB Service.

    NOTE: If there is an ISP modem in front of XG then you might need to forward the necessary ports to the XG firewall's WAN interface. 

    Thanks,

  • 0 in reply to sachingurung

    Good day Guys

     

    I have successfully forwarded the RDP settings and the clients can login via rdp, but the thing is they dont want to log in via rdp they need to login via the ip to work with their systems. 

    ANd yes my port 2 is my wan (which is a broandband router giving us internet)

     

    I did setup the ddns on sophos, but am unsure on how to point that ddns example.myfirewall.co to the servers ip 192.168.1.2 and if thats done will the clients be able to connect via url straight to accfin.fvln.co.za? 

     

    Im totally confused here 

  • 0 in reply to Amelia Enslin1

    Basically you want to get a DNAT, correct? 

    You have a DNS Record ( accfin.fvln.co.za ), which points to your WAN IP of your router. The router does forward everything to the XG? 

    I would recommend to build for each service one DNAT rule. With this DNAT Rule, XG will forward RDP for example from accfin.fvln.co.za to the Windows server. 

    https://community.sophos.com/kb/en-us/122976

Reply Children
No Data