internal DNAT not working

Question

hi all, 
 we have setup a DNAT to a DMZ web server which works, when people are trying to access it externally ie WAN, when they type in the FQDN it resolves to the correct external ip and they can view the website 
 we have one internal LAN network that has all outbound access all ports ie internet access, and there DNS for that FQDN is pointing to the correct external ip, so you would had thought as they have internet access and there DNS is pointing to the correct external ip, it should work but when they type in the FQDN on there machine, the webpage just times out 
 pinging/tracerout to the FQDN points them to the correct external ip and they get no hops obviously as its going out the FW and straight back in so its just one hop which is the external ip 
 any reason why this isnt working? 
 thanks, 
 rob

Bharat J · Answer

Hi Sophos User1175, 
 Please check the packet flow as per the below link 
 https://support.sophos.com/support/s/article/KB-000035761?language=en_US 
 Please check how the traffic is flowing from firewall DNAT rule as well on NAT rule for same DNAT. 
 
 You may re create the DNAT rule as per the below link and try : 
 
 https://docs.sophos.com/nsg/sophos-firewall/18.5/Help/en-us/webhelp/onlinehelp/AdministratorHelp/RulesAndPolicies/NATRules/RulesPoliciesCreateDNATAndFirewallRulesForInternalServers/index.html#specify-firewall-rule-settings-for-the-loopback-rule 
 
 Hope this might help to troubleshoot the issue.

internal DNAT not working

Top Replies

Submitted a Tech Support Case lately from the Support Portal?