Allow external ip

I cannot allow traffic from an external IP and a specific port to my local server. I tried different things but it doesn't work.




  • Hello Nicolas,

    As mentioned by Rfcat please be more specific on your setup.

    However, from the screenshots you shared, under Destination host/Network I see a Private IP. Usually, you would select the Port2 WAN interface IP that has your public IP; if Port1 is your WAN interface, then make sure you’re allowing the traffic on that specific port, otherwise the XG will never see the traffic.

    Also please share a screenshot of the API_CSE service you created.

    Regards,

  • Hi, thanks for your return, I'm going to be more explicit. First, I don't know if I have to create a user/network rule or an application rule. Under API_CSE I have the protocol TCP and the destination port 3001 (see picture capture3.png). The private IP is set on the variable IP_API_CSE_ISCA (host IP).
    Port1 is the LAN and I don't know how to set or check it.
    Do you need more information?

    Thanks everyone.

  • In fact I would like to redirect the traffic on my public IP (82.65.68.118:3001) to my internal server. Second, I have to accept the connection from the external IP 82.64.194.247 to my internal server without VPN on port 3001.

  • Hello Nicolas,

    Since you’re using version 17, you just create a Business Application rule.

    Is the Public IP assigned to the XG or the XG is seeing a Private IP on the WAN interface?

    So your Firewall rule should look like this

    Source Zones = WAN

    Destination host/Network = The WAN port

    Services = Original service or customer service (in your case your custom port is set correctly)

    Forward to

    Protected server = This would be your server or computer you want to connect to

    Protected Zone = The zone on the XG where your server/computer is located

    Mapped Port = Usually the same as set in Services, but if your server is listening on a different port then you will change it here.

    NOTE: This is an example with RDP; it isn’t recommended to configure RDP on WAN.

    Regards,

  • Hi, thanks. The public IP is not assigned on the XG, do I have to do it?

  • Hello Nicolas,

    It would be better for you that the XG has the Public IP assigned to the WAN interface. It isn't 100% mandatory, but it’s recommended since this simplifies configurations and troubleshooting.

    If you don't want to, then make sure your upstream router has a DNAT rule passing that port number down to the XG.

    Regards,
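
Added example, not part of any post in this thread and not Sophos code: a small check to run from the allowed external host once the rule is in place, which separates "dropped on the way" (upstream router or XG) from "arrived but nothing accepted it". The names `probe` and `HINTS` are hypothetical; the host and port are passed on the command line.

```python
import errno
import socket

# Meaning of each outcome for the forwarding chain discussed in the thread
# (upstream router -> XG -> internal server).
HINTS = {
    "open": "forwarding works end to end: a listener accepted the connection",
    "refused": "a device answered with RST: the packet arrived somewhere, but "
               "nothing listens on the mapped port or a rule rejects it",
    "filtered": "no answer before the timeout: the packet was dropped, for "
                "example no DNAT on the upstream router or no matching rule",
    "unreachable": "a routing error came back before any TCP answer",
}


def probe(host: str, port: int, timeout: float = 3.0) -> str:
    """Attempt one TCP connection and classify the result."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "filtered"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise  # DNS failure or another local error: surface it unchanged
    finally:
        sock.close()


if __name__ == "__main__":
    import sys

    # Usage: python probe.py <public-ip> <port>
    host, port = sys.argv[1], int(sys.argv[2])
    state = probe(host, port)
    print(f"{host}:{port} -> {state}: {HINTS[state]}")
```

Running the same check from a host that is not the allowed source should give "filtered" or "refused"; an "open" result there means the rule is not restricted to the intended external IP.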