Hey guys i have a strange issue. Im trying to solve this problem for ages now and i just cant figure out what is causing that strange issue.
Have a look at the screenshots to understand my network. I am trying to reach the Webserver in the DMZ (192.168.200.60/24) from the Internal Network (VLAN3 - 172.16.100.100/16) when i access the public address ....187/29 because this is what the dns resolves.
I searched the internet how to do this and got 2 solutions.
One is through a static DNS entry which has the ip of the local DMZ Webserver and then I would just need to route the traffic through my ASG 8.300. This solution is working but the point is that i have multiple local destination IP-Adresses on one Public address.
So im coming to the second solution which is full nat. I have tried to set it up like this post https://community.sophos.com/products/unified-threat-management/astaroorg/f/54/t/39778
I have a screenshot attached (FullNATrule) which shows how I set up the rule. If i now start a rdp session from the lan to the Public IP (...187/29) I see the used NAT rule in the Firewall log (Picture LogFirewall), the strange thing it always makes two entrys one for the nat and another for the translated packet.
When Im sniffing on the Webserver i dont see any packet incoming. It seems like the firewall does something wrong with the routing. Because the Firewall Rule matching the second packet in the FirewallLog is VLAN3 - InternetIPV4 - allow.
All these networks are local attached so i dont know why the routing could be wrong.
If I make a dnat and access the same Client from the WAN I dont have this issue it is connection via NAT. I only have this issue from the internal network.
Does anyone have an idea or maybe see the point?
This thread was automatically locked due to age.
