Can't access internal Server in DMZ from LAN using the external Address

Question

I have a server in my DMZ which provides a service. 
 But I just can connect to it in the Zone LAN with its internal Address (10.0.X.X). When I'm trying to reach it in my LAN with the external IP or the FQDN I can't get access. I already tried every Option in the NAT Settings on my XG, but nothing seems to help. 
 I tried adding the Rules with the Server access Manager (DNAT), or adding everything manually like in the Documentation. But I still get no access with its external Address. 
 I'm using SFOS 18.0.5 Build 586

FormerMember · Accepted Answer

Hi xXTim150Xx , 
 I'd suggest you try to add the LAN zone in addition to the WAN zone on the DNAT rule as well as in the matching firewall rule, and let us know if that resolves your issue. 
 Thanks,

FormerMember · Answer

Hi and thanks for reaching out to Sophos Community.

Try adding LAN as a source zone into your Firewall as the traffic is getting generated from the LAN Zone.

If it still doesn't work, then try adding MASQ in SNAT section in your DNAT rule #1 and see if that works or not.

xXTim150Xx · Answer

Thank you H_Patel. 
 I created a linked NAT-Rule to my Firewall Rule #2. This one solved my problem

Can't access internal Server in DMZ from LAN using the external Address

Top Replies