I have a server listening on, for example, port 8084 for HTTPS and also listening for standard FTP ports. I already have a DNAT set up for public IP to internal IP of the server via a service that includes ports 8084, 21, 22 and a couple of others. I also have a Full NAT set up so internal nodes can access the server internally.
Right now, the server's HTTP site can be accessed by visiting: https://www.mysite.com:8084.
I want to change the DNAT and Full NAT so https://www.mysite.com can be used instead.
I already removed the port 8084 service from the existing DNAT and created a separate DNAT for port 443 to 8084 like below:
For traffic from: Any
Using service: HTTPS
Going to: External WAN Address
Change the destination to: Internal server Address
And the service to: 8084
Existing Full NAT:
For traffic from: Internal (Network)
Using service: Service group (8084, 21, 22 ports)
Going to: External WAN Address
Change the destination to: Internal server Address
And the service to: empty
Change the source to: Internal Gateway Address of Sophos UTM
And the service to: empty
This lets me access the server's HTTP site as expected, but I get a lot of dropped traffic, so it's not working properly.
Do I need to set up an additional SNAT that is the exact reverse of the DNAT?
What's the preferred way to NAT in this type of situation?
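As an added illustration (not part of the original post, and not a Sophos UTM API), the following Python model traces the packet flow behind the question: a plain DNAT from WAN:443 to server:8084 works for Internet clients because the server's reply is routed back through the firewall anyway, but for an internal client on the same LAN as the server the reply is switched directly to the client, bypassing the firewall, so the client sees an answer from server:8084 when it expects one from WAN:443 and discards it. Adding the source translation (the "Change the source to: Internal Gateway Address" half of a Full NAT) forces the reply back through the firewall, where both translations are reversed. All addresses and ports below are constructed; the "same /24 means same LAN" rule is a simplification.

```python
"""Model of DNAT versus hairpin (Full) NAT reply paths. Illustrative only."""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

WAN_IP = "203.0.113.10"       # constructed: External WAN Address of the firewall
LAN_GW = "192.168.1.1"        # constructed: Internal Gateway Address of the firewall
SERVER_IP = "192.168.1.50"    # constructed: internal server
LAN_CLIENT = "192.168.1.77"   # constructed: internal node on the same LAN as the server
INET_CLIENT = "198.51.100.5"  # constructed: client on the Internet
PUBLIC_PORT = 443             # port clients connect to
SERVER_PORT = 8084            # port the server actually listens on


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


Key = Tuple[str, int, str, int]


def same_lan(a: str, b: str) -> bool:
    # constructed simplification: a shared /24 prefix means "same LAN segment"
    return a.rsplit(".", 1)[0] == b.rsplit(".", 1)[0]


class NatFirewall:
    """Stateful DNAT with an optional source rewrite for hairpin (LAN-to-WAN-IP) traffic."""

    def __init__(self, hairpin_snat: bool) -> None:
        self.hairpin_snat = hairpin_snat
        # 4-tuple of the forwarded packet -> the original request it came from
        self.conntrack: Dict[Key, Packet] = {}

    def translate_request(self, pkt: Packet) -> Packet:
        # DNAT rule: traffic to WAN:443 is redirected to SERVER:8084
        if (pkt.dst_ip, pkt.dst_port) != (WAN_IP, PUBLIC_PORT):
            raise ValueError("no DNAT rule matches this packet")
        src_ip = pkt.src_ip
        if self.hairpin_snat and same_lan(pkt.src_ip, SERVER_IP):
            # Full NAT: rewrite the source so the server's reply is addressed to the firewall
            src_ip = LAN_GW
        forwarded = Packet(src_ip, pkt.src_port, SERVER_IP, SERVER_PORT)
        key = (forwarded.src_ip, forwarded.src_port, forwarded.dst_ip, forwarded.dst_port)
        self.conntrack[key] = pkt
        return forwarded

    def translate_reply(self, reply: Packet) -> Optional[Packet]:
        # A reply matches state if it mirrors a forwarded packet's 4-tuple
        key = (reply.dst_ip, reply.dst_port, reply.src_ip, reply.src_port)
        original = self.conntrack.get(key)
        if original is None:
            return None  # unsolicited: a stateful firewall drops it
        return Packet(original.dst_ip, original.dst_port, original.src_ip, original.src_port)


def simulate(client_ip: str, hairpin_snat: bool) -> str:
    """Return 'ok' if the client accepts the reply, otherwise a short reason for the drop."""
    fw = NatFirewall(hairpin_snat)
    request = Packet(client_ip, 40000, WAN_IP, PUBLIC_PORT)
    at_server = fw.translate_request(request)
    # The server answers whatever source address it saw
    reply = Packet(at_server.dst_ip, at_server.dst_port, at_server.src_ip, at_server.src_port)
    if same_lan(reply.dst_ip, SERVER_IP) and reply.dst_ip != LAN_GW:
        seen_by_client = reply  # delivered directly on the LAN; the firewall never sees it
    else:
        translated = fw.translate_reply(reply)
        if translated is None:
            return "dropped by firewall (no matching state)"
        seen_by_client = translated
    if (seen_by_client.src_ip, seen_by_client.src_port) == (WAN_IP, PUBLIC_PORT):
        return "ok"
    return (f"dropped by client (reply from {seen_by_client.src_ip}:{seen_by_client.src_port}, "
            f"expected {WAN_IP}:{PUBLIC_PORT})")


if __name__ == "__main__":
    print("Internet client, DNAT only:      ", simulate(INET_CLIENT, False))
    print("LAN client, DNAT only:           ", simulate(LAN_CLIENT, False))
    print("LAN client, DNAT + source rewrite:", simulate(LAN_CLIENT, True))
```

The model keeps one conntrack entry per forwarded flow, which is also why the reverse path needs no separate rule: the firewall reverses whatever it translated on the way in, provided the reply actually passes through it.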