
Correct instructions for setting up basic port forwarding on XG v16.x

Creating a port forwarding policy or rule on XG 16.x.

 

I tried to post this to the forum, but it looks like it did not post. If this is a duplicate post, let me know so I can remove it, assuming the original one is there.

I want to create a simple step-by-step port forward instruction and rule. Right now I want to port forward port 443 to a server behind XG.

1. Any Internet host can access the server on 443 behind XG by the domain name example.net.

2. My internal LAN computers can also access the internal server by its external domain name example.net on port 443.

I have read many posts on the port forward and accessing the internal server by its FQDN.

These are my instructions and they do not work. Please help correct and spot errors.

Else it is a matter of time before I find a Sophos reseller / support company and pay, I imagine, between $100 and $200 to have them remote in and configure my rules or tell me over the phone how to do it. Either way, I think if I can get a working, basic, simple step-by-step port forward set of instructions posted to the forum, it might help many others review my steps and then make simple edits for their ports and servers behind XG. So this is my attempt at getting that done.

 

1. Log in with admin read/write access.

2. Under the Protect section on the left side, click on Firewall.

3. At the right, click on the blue box Add Firewall Rule.

4. Next, click on either User/Network Rule or Business Application Rule.

5. In my case we are clicking on the Business Application Rule choice.

6. Select Business App Rule.

7. Select Template – in this case I selected DNAT / Full NAT / Load Balance.

8. Give the rule a name – port 443 forwarding.

9. Put in a description.

10. Under the Source section:

A. Source Zones = LAN

B. Allowed Client Networks = Any

C. Blocked Client Networks = left blank / empty

11. Under the Destination & Services section:

A. Destination Host/Network = WAN Interface / IP address

B. Forward type = port

C. Service port(s) = 443 TCP (or select the desired port and TCP or UDP)

12. Forward To section:

A. Protected Server(s) = select your server(s); if you created host objects for them, select it / them.

B. Mapped type = port

C. Mapped port = 443

D. Protected Zone = LAN

13. Advanced section:

A. Intrusion Prevention = WAN to LAN

B. Traffic Shaping = NONE

C. Synchronized Security = No Restriction

D. Minimum Destination HB Permitted = No Restriction

E. Routing – check the box allow rewrite source address (MASQ)

MASQ [Interface to Default I.P.]

If desired, select Log firewall traffic.

This rule is not working for me. Can anyone spot the error or issue in the above instructions?

Under Diagnostics, I can ping the example.net domain and it pings and reports back the correct Internet WAN I.P. as seen on the AT&T DSL modem / router. All ports in question are being port forwarded on the AT&T modem to the XG WAN port.

Also, with NS lookup under the Diags tools, I can resolve the example.net domain name to the correct I.P. as well. The web server is up and running fine, since from the LAN I can access it by LAN I.P. directly. But I cannot access it by the external name from LAN client machines, and I am not able to access it from my cell phone from the Internet. So I assume I am missing a setting or have some things wrong.

So I first need to know if I have the port forwarding set up correctly. Then I can figure out what log to go look at after that if things are not yet working.

 

Chad



  • Try:

    10A. Source Zones = WAN

    13A. Intrusion Prevention = I'd start off with no IPS on portmap

    13E. Routing – Better NOT use MASQ (If you do, internal host will see all connections being sourced from XG LAN IP)
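The two goals in the original post need two different rules, and the reply's MASQ advice applies to only one of them: for Internet clients the source zone must be WAN and MASQ is not needed, while for LAN clients reaching the server by its external name (a hairpin, or reflexive, NAT) the rule must list LAN as the source zone and does need the source rewrite, because otherwise the server answers the LAN client directly, bypassing XG, and the client drops a reply that did not come from the WAN IP. The Python model below is an added illustration written for this page, not Sophos code and not something from the thread. The addresses are constructed (RFC 5737 documentation ranges on the WAN side), the field names only loosely mirror the XG v16 form, and it models only zone matching and the reply path, not DNS, IPS or the upstream AT&T modem, so it cannot explain every failure the poster saw.

```python
"""Toy model of zone-based DNAT (port-forward) rule selection.

Added example for this thread, not Sophos code. It models only which rule a
packet matches and whether the server's reply can return through the firewall.
"""
from dataclasses import dataclass
from typing import Optional

# Constructed addressing (assumptions; RFC 5737 documentation ranges on the WAN side).
WAN_IP = "203.0.113.10"        # XG WAN interface; what example.net resolves to
XG_LAN_IP = "192.168.1.1"      # XG LAN interface, used as the MASQ source address
WEB_SERVER = "192.168.1.20"    # protected server behind XG
LAN_CLIENT = "192.168.1.50"
INTERNET_CLIENT = "198.51.100.7"


@dataclass(frozen=True)
class Packet:
    src_zone: str
    src_ip: str
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class DnatRule:
    """Fields loosely follow the XG v16 Business Application (DNAT) form."""
    name: str
    source_zones: frozenset            # 10A Source Zones
    destination: str                   # 11A Destination Host/Network (the WAN IP)
    service_port: int                  # 11C Service port(s)
    protected_server: str              # 12A Protected Server(s)
    mapped_port: int                   # 12C Mapped port
    protected_zone: str                # 12D Protected Zone
    masq_source: Optional[str] = None  # 13E MASQ; None = keep the client's source IP

    def matches(self, pkt: Packet) -> bool:
        # The rule only sees traffic that arrives from one of its source zones.
        return (pkt.src_zone in self.source_zones
                and pkt.dst_ip == self.destination
                and pkt.dst_port == self.service_port)


def evaluate(rules, pkt: Packet) -> dict:
    """First-match evaluation; returns the translated packet and a reply-path verdict."""
    for rule in rules:
        if not rule.matches(pkt):
            continue
        translated = Packet(pkt.src_zone,
                            rule.masq_source or pkt.src_ip,
                            rule.protected_server,
                            rule.mapped_port)
        # Hairpin: client and server share the protected zone. If the client's
        # address is left untouched, the server answers the client directly,
        # bypassing XG, and the client discards a reply that did not come from
        # WAN_IP. MASQ forces the reply back through XG so it can be un-NATed.
        hairpin_broken = (pkt.src_zone == rule.protected_zone
                          and rule.masq_source is None)
        return {
            "rule": rule.name,
            "translated": translated,
            "ok": not hairpin_broken,
            "reason": ("reply bypasses firewall; enable MASQ on the LAN-sourced rule"
                       if hairpin_broken else "ok"),
        }
    return {"rule": None, "translated": None, "ok": False,
            "reason": "no DNAT rule matched this source zone"}


def make_rule(name, zones, masq=None) -> DnatRule:
    return DnatRule(name, frozenset(zones), WAN_IP, 443, WEB_SERVER, 443, "LAN", masq)


# The rule as posted (source zone LAN, MASQ on) and the reply's suggestion (WAN, no MASQ).
RULE_AS_POSTED = make_rule("443 forward, source LAN + MASQ (as posted)", {"LAN"}, XG_LAN_IP)
RULE_INBOUND = make_rule("443 forward from WAN, no MASQ", {"WAN"})

FROM_INTERNET = Packet("WAN", INTERNET_CLIENT, WAN_IP, 443)
FROM_LAN = Packet("LAN", LAN_CLIENT, WAN_IP, 443)

if __name__ == "__main__":
    for label, rules in (("as posted", [RULE_AS_POSTED]),
                         ("WAN only", [RULE_INBOUND]),
                         ("WAN + LAN/MASQ", [RULE_INBOUND, RULE_AS_POSTED])):
        for pkt in (FROM_INTERNET, FROM_LAN):
            v = evaluate(rules, pkt)
            print(f"{label:15} {pkt.src_zone:3} -> {v['rule']!s:45} ok={v['ok']} ({v['reason']})")
```

In this model the rule as posted never matches a packet arriving from the WAN zone, so Internet clients cannot reach the server, while it does serve LAN clients as a hairpin rule; the reply's WAN-sourced rule covers the Internet case but not LAN clients. Keeping both rules, with MASQ only on the LAN-sourced one, satisfies both goals in the model.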

  •  

    Hello,

    I did try:

    10A. Source Zones = WAN

    13A. Intrusion Prevention = I'd start off with no IPS on portmap - none selected

    13E. Routing – Better NOT use MASQ (If you do, internal host will see all connections being sourced from XG LAN IP) - box not checked.

    and no luck.

    I made two rules, one for web port 443 and one for port 80. I have been testing on port 80, since I have two firewalls and the AT&T modem is port forwarding 443 to the Linksys firewall router that I normally keep the web server VM on. Then port 80 is sent to the Sophos XG on the AT&T modem router. I have this set up to make testing easy. I just move the server between the two to test port 80 and 443; if I get the port 80 rule working, I just change the 443 rule to the same.

    Any other suggestions from anyone that I can try?

    I have several goals I want to learn and configure with my XG, but getting the port forward rules working is number one, then the HTML VPN and user portal features, then just making sure my virus / malware / unified threat settings are set to try to catch any and all threats that it can.

    (My next thought is to fire up another XG VM and set it up for bridge mode and hope it just scans the packets for malware / viruses and other threat detection and let the Linksys do the port forward. Then wait for XG17; from what I read about Ver 17 of XG: "NAT Business rule improvements - Object based, more familiar to UTM9 users, more powerful".)
