port forwarded packets getting denied

Jared,

to help you, we need more info. Please upload a network diagram.

Thanks

Hello and thank you for the reply, I made a basic diagram, if you need more detail or it doesn't have what you are looking for just let me know.

Hi Jared,

Please share firewall rule configured on the firewall for this traffic and provide the full packet capture by following this KB Article : Sophos XG Firewall: How to capture packets and download the Packet Capture. 

Try to take packet capture on destination IP address. 

Thanks,

Thanks for the diagram. From the log, external users are trying to access your XG on port 25810.

If everything is forwarded to your XG, this is normal.

Internet users scan and try to access/break systems.

In addition: if you want to forward specific service from Internet to internal network, use dnat firewall rule as described by:

everything is not forwarded to the XG firewall from pfSense at the moment, I was thinking about doing it but haven't done at this time. Currently I only have the port 25810 forwarded and I've tried using other ports as well with the same effect. I am using an internet service, https://www.yougetsignal.com/tools/open-ports/ to test whether the port is open or not and that is the packet that is getting flagged by the firewall in this way, it's not someone trying to access the firewall. I am trying to host a service on the port however the XG firewall is stopping the packets before they can even get to the firewall forward rule that I have setup. Thanks for your help in the matter.

Hello and thanks for the reply. The rule isn't even being triggered since the packets are getting stopped here before the rule can be processed but if you still want me to post a picture of it or something I can. As for the packet capture I have it here, I did it on source ip rather than destination ip because using destination ip it would get to 1000 packets and then stop capturing in less than a second. 

https://gofile.io/?c=CD6fVg

The forums wouldn't allow me to upload the pcap file so I used the site above.

Hello and thanks for the reply. The rule isn't even being triggered since the packets are getting stopped here before the rule can be processed but if you still want me to post a picture of it or something I can. As for the packet capture I have it here, I did it on source ip rather than destination ip because using destination ip it would get to 1000 packets and then stop capturing in less than a second. 

https://gofile.io/?c=CD6fVg

The forums wouldn't allow me to upload the pcap file so I used the site above.

Can you share the firewall rules?

Ip addresses of the internal interface?

Thanks

Thanks. Ip of the Internal interface?

The lan ip is 192.168.1.200 and the host is 192.168.1.59

Jared,

While you try to access the internal service by using an external ip (from mobile I.e), can you capture a tcpdump and post the result?

Jared,

For dnat you need to create a business application rule and not a network rule.

Okay I looked at the rule that I had made first which I have disabled under the one I have in the picture. I had the source wrong which is why it wasn't working before and now it is working, thank you. However why were the packets being denied for "appliance access" anyway?