Problem with masquerading and port translation when connecting from LAN to WAN address.

What policy rules are required to access an application from the inside network on the outside WAN address? From LAN to WAN I use masquerading, and for the application I use port translation. From the internet the application works fine using the outside IP address. From the internal LAN, the application works fine using the internal IP address. But we need to use the same IP address from both outside and inside. The outside address doesn't work from the inside LAN.

  • Hi,

    It is because when the internal device makes a request destined for the external address of an internal server, XG will change the destination address of the request and then forward it on to the server's internal address. When the server receives the request, the source is the device's internal address, which it responds to directly. In most network configurations, the response does not pass back through the UTM (it goes directly to the client, through the switch).

    Now, where is the server located, behind LAN or DMZ? To overcome this, you can configure a LAN to LAN/DMZ firewall rule like:

    Source : ANY/LAN

    Service : ANY

    Destination : Server IP/(DMZ,LAN)

    NAT : Create a Source NAT to NAT the traffic with the port address of LAN/DMZ on XG.

    Action: Accept.

    Hope this helps.