XG HTTPS-Server in DMZ not visible from LAN

I have a LAN zone and a DMZ zone in use on a Sophos XG135.
In the DMZ there is an HTTPS server. It can be reached from the Internet via a port forward on 4430.
A firewall rule allows a PC in the LAN to reach the HTTPS server directly.
But: from the LAN, the PC cannot reach the server via its WAN address.

Example:
WAN: 1.1.1.1 box.myserver.de
LAN: 192.168.1.0/24 - PC 192.168.1.2
DMZ: 192.168.200.0/24 - HTTPS server 192.168.200.2

From somewhere out there, https://box.myserver.de:4430 works.

From the PC in the LAN, https://192.168.200.2 works.
From the PC in the LAN, https://1.1.1.1:4430 is not reachable.
From the PC in the LAN, https://box.myserver.de:4430 is not reachable.

From the PC in the LAN, however, https://<somewhere.in.WAN> does work.

The background is: the laptops in the LAN are used in the office and outside the office,
and should have the same configuration for accessing the HTTPS server in both cases.


If someone has ideas why my concept does not work, I look forward to the answers.

Many Thanks. Peter



  • Hi Peter,

    It would seem that a loopback rule was not created. While creating the DNAT rule, could you check whether the reflexive rule was checked or not? Also, you may try to create a LAN to LAN rule with NAT enabled.

    For a better understanding of your packet flow, take a packet capture on port 4430.

    e.g. console> tcpdump 'port 4430'

     

  • Thank you for your answer.
    It seems you have spotted the right cause of the error. But I can't understand the LAN-LAN construct.

    s answer made it work.

    In a quiet moment I will study the topic "Packetflow". Thanks for this hint.

    It was easier in my world.
    I'm going out.
    I'm coming in.
    But the reality is somewhere in between.

    Even Shakespeare probably had a Sophos when he wrote the lines:
    "There are more things in heaven and earth, Horatio, 
    Than are dreamt of in your philosophy. "

     
