Access from LAN to LAN webservers with direct proxy not working

Hello,

our environment is as follows:

LAN with multiple webservers with multiple domains.

Public DNS is set to XG external IP. Internal DNS servers for these domains are not set up, but DNS forwarders are working correctly, resolving to XG external IP.

WAN access to LAN webservers with WAF works correctly.

LAN access to LAN webservers with direct proxy (3128) gives error 502. Network rule allowing LAN to LAN webservers seems to work, as traffic is logged as allowed.

We have tried a DNAT rule with the same 502 error, with and without MASQ.

If we create DNS records in the internal DNS server pointing to the LAN webservers' IPs, everything works correctly. But as we have multiple domains, we would prefer not to create multiple zones and records in our internal DNS servers.

Is there a way from LAN to access LAN webservers with direct proxy and no internal DNS records?

Thank you,

Lluís

  • FormerMember

    Hi Oxigen XG,

    Do you have your web servers in a different internal network? Do you have this XG firewall with a public IP address on the WAN interface? Please send me the screenshot of the DNAT rule that you already tried to configure.

    Thanks,

  • Hello H_Patel,

    web servers are in the same internal network as clients. There is no DMZ.

    XG firewall public IP is on WAN interface.

    DNAT rule is on top of rules, while testing

    PC-... is a test client

    SV-... is one of the internal web servers

    Services: HTTP, HTTPS, Proxy [TCP (1:65535) / (3128)]

    IP externa is XG external public IP, where public DNS record is pointing

    We get the same result with or without MASQ, and with or without Services Proxy

    Thank you,

    Lluís