Disclaimer: This information is posted as-is and the content should be referenced at your own risk
I hope this post provides a simple guide for configuring firewall rules and NAT for LAN-to-WAN, LAN-to-VPN, and WAN-to-DMZ traffic.
More technical details can be found at
internal computers --- Port1 [XG] Port2 --- Internet
XG firewall Port1 connects to the internal computers, and Port2 connects to the Internet.
To allow internal computers to access the Internet:
1. Create a firewall rule to allow LAN to WAN traffic.
2. Create a NAT rule to apply masquerading to LAN to WAN traffic.
Note: I recommend setting "Outbound interface" to the WAN interface. If the outbound interface is set to "Any", the NAT rule will also be applied to LAN to VPN (LAN to DMZ) traffic and will stop that traffic.
internal computers --- Port1 [XG] Port2 --- IPsec VPN --- [remote VPN gateway] --- remote VPN network
To allow internal computers to access the remote VPN network, just create a LAN to VPN firewall
You might need to create another firewall rule for VPN to LAN traffic. Please make sure there is no NAT rule applied to LAN to VPN traffic, unless NAT is necessary for the local VPN network to reach the remote VPN network.
external users --- Internet --- Port2 [XG] Port1 --- internal Exchange server
External users need to access the HTTPS service on the internal Exchange server by visiting the XG firewall's public IP.
XG firewall Port2 connects to the Internet, and Port1 connects to the internal Exchange server.
To allow the DNAT access:
1. Create a firewall rule to allow WAN to internal Exchange server traffic.
2. Create a DNAT rule.
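
The following is an added example, not part of the original post and not Sophos code. It models the outbound-interface note and the LAN-to-VPN advice above as first-match source-NAT evaluation, showing why a masquerade rule scoped to "Any" breaks LAN to VPN traffic while one scoped to the WAN port does not. The addresses, the `ipsec` interface label, and the assumption that the tunnel only carries packets whose source is still in its local subnet are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# All addresses and interface names below are constructed sample values.
WAN_IP = "203.0.113.10"                      # XG public address on Port2
TUNNEL = ("192.168.1.0/24", "10.10.0.0/24")  # IPsec local / remote subnets

@dataclass
class NatRule:
    src_net: str      # original source network
    out_iface: str    # "Any" or a specific outbound interface
    masq_ip: str      # address the source is rewritten to

@dataclass
class Packet:
    src: str
    dst: str
    out_iface: str    # interface chosen by routing: "Port2" (WAN) or "ipsec" (VPN)

def in_net(ip, net):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(net)

def apply_snat(pkt, rules):
    """Return the source address after the first matching NAT rule."""
    for r in rules:
        if in_net(pkt.src, r.src_net) and r.out_iface in ("Any", pkt.out_iface):
            return r.masq_ip
    return pkt.src  # no rule matched: source is left untouched

def delivered(pkt, rules):
    """WAN traffic needs a public source; VPN traffic must match the tunnel subnets."""
    src = apply_snat(pkt, rules)
    if pkt.out_iface == "ipsec":
        return in_net(src, TUNNEL[0]) and in_net(pkt.dst, TUNNEL[1])
    return src == WAN_IP

def check(rules):
    """Evaluate one LAN-to-WAN and one LAN-to-VPN packet against a NAT rule set."""
    to_wan = Packet("192.168.1.20", "198.51.100.7", "Port2")
    to_vpn = Packet("192.168.1.20", "10.10.0.5", "ipsec")
    return {"lan_to_wan": delivered(to_wan, rules), "lan_to_vpn": delivered(to_vpn, rules)}

ANY_RULE = [NatRule("192.168.1.0/24", "Any", WAN_IP)]     # catches VPN traffic too
WAN_RULE = [NatRule("192.168.1.0/24", "Port2", WAN_IP)]   # scoped to the WAN interface

if __name__ == "__main__":
    print("Outbound interface = Any  :", check(ANY_RULE))
    print("Outbound interface = Port2:", check(WAN_RULE))
```
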