
Forward traffic to 2 different servers using same port

Hi,
I need some help on this. We have a set of 5 public IPs (e.g. 197.22.150-197.22.150.5) and we want to redirect https traffic to 2 different servers, depending on the source IP.
If https traffic goes to 197.22.150.2 (which is also the WAN interface of UTM), UTM9 forwards traffic to server1 [192.168.2.100]
If https traffic goes to 197.22.150.3, UTM9 forwards traffic to server2 [192.168.2.101]
The https ports cannot be changed since they are system hardcoded.


  • Configure the IP 197.22.150.3/32 as additional IP address for interface WAN (Interfaces -> Additional Addresses).

    Then create 2 DNAT rules (Network Protection -> NAT -> NAT):
    Source: Any
    Service: HTTPS
    Destination: WAN (Address)
    Change Destination To: Server1
    And the service to: 
    Automatic Firewall rule: yes

    and

    Source: Any
    Service: HTTPS
    Destination: WAN Additional IP (Address)
    Change Destination To: Server2
    And the service to: 
    Automatic Firewall rule: yes

    ----------
    Sophos user, admin and reseller.
    Private Setup:

    • XG: HPE DL20 Gen9 (Core i3-7300, 8GB RAM, 120GB SSD) | XG 18.0 (Home License) with: Web Protection, Site-to-Site-VPN (IPSec, RED-Tunnel), Remote Access (SSL, HTML5)
    • UTM: 2 vCPUs, 2GB RAM, 50GB vHDD, 2 vNICs on vServer (KVM) | UTM 9.7 (Home License) with: Email Protection, Webserver Protection, RED-Tunnel (server)
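
The destination-address matching that the two DNAT rules in the answer above rely on, as an added example: this is a simplified Python model written for this page, not Sophos UTM code or configuration. The function and variable names are this example's own, the client addresses are constructed, and it assumes that a blank "And the service to" field keeps the original port.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional

# Addresses from the thread; all names below are hypothetical.
WAN_PRIMARY = ip_address("197.22.150.2")
WAN_ADDITIONAL = ip_address("197.22.150.3")
SERVER1 = ip_address("192.168.2.100")
SERVER2 = ip_address("192.168.2.101")
HTTPS = 443


@dataclass(frozen=True)
class DnatRule:
    match_dst: object               # original destination address
    match_port: int                 # original destination port
    new_dst: object                 # "Change Destination To"
    new_port: Optional[int] = None  # None = keep port (assumed for a blank field)


# The two rules from the answer. Source is "Any", so it is never matched on.
RULES = [
    DnatRule(WAN_PRIMARY, HTTPS, SERVER1),
    DnatRule(WAN_ADDITIONAL, HTTPS, SERVER2),
]
# Addresses bound to the WAN interface after the "Additional Addresses" step.
WAN_ADDRS = {WAN_PRIMARY, WAN_ADDITIONAL}


def translate(rules, wan_addrs, src, dst, dport):
    """Return (new_dst, new_port) for a forwarded packet, or None."""
    ip_address(src)  # validated only: the source does not select a server
    dst = ip_address(dst)
    if dst not in wan_addrs:
        # Simplification: an address not bound to WAN is never answered for,
        # so the packet does not reach the NAT rules at all.
        return None
    for rule in rules:  # first matching rule wins
        if rule.match_dst == dst and rule.match_port == dport:
            return (str(rule.new_dst), rule.new_port or dport)
    return None  # no DNAT rule matched, nothing is forwarded


if __name__ == "__main__":
    for dst in ("197.22.150.2", "197.22.150.3"):
        print(dst, "->", translate(RULES, WAN_ADDRS, "203.0.113.7", dst, HTTPS))
```
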