

DMZ Hell

Hi All,

 

I have gotten to the point of actually posting for help. I am new to this but I assure you I have read multiple documents, posts and watched videos. Still I am so stuck.

 

Here it goes:

 

Sophos XG current build

Configure-Network

Port 1 LAN 192.168.1.254/255.255.255.0

Port 2 WAN  MY IP/255.255.255.224

Port 3 DMZ 192.168.2.254/255.255.255.0

Internal network works fine. Completely connected and monitoring.

As naked as can be to eliminate any rule conflicts.

 

Have a Windows Server 2019 connected to a switch and the switch is connected to port 3

 

DMZ Firewall Rule - DMZ Source: ANY Zone/Host Destination: DMZ/Any Host

Rewrite MASQ (192.168.2.254)

Primary Gateway DHCP Port 2

 

The rules check out in Policy Testing as accepted.

 

The server has no internet connection. I am able to access the 'localhost' on this server and the website pulls up fine. Firewall/anti virus OFF.

 

Configure-Routing

192.168.1.0/255.255.255.0 Port 1

192.168.2.0/255.255.255.0 Port 2

 

Network-DNS-DNS Host Entry

My Domain Name 192.168.2.1

www.my domain 192.168.2.1

 

DNS -Request Route-Target

My Web Server

 

WEB SERVER

192.168.2.1 Port 80

 

My Domain A is set to my IP address.

 

This is the current set up. If I ping My Domain I get 'Pinging 192.168.2.1 Reply from 192.168.2.254 Destination not reachable' from a computer on the LAN...currently

 

Ping from offsite computer I get: Pinging 'MY IP Address Request Timed Out'

 

This has to be easy for someone out there!

 

 



  • Looking around further brings up another question that may relate to my issue. My IPv4 and gateway IP are slightly different. I assigned the website name to the IPv4 as this is what I thought was my IP address. Wouldn't I want to send traffic to the gateway IP so it routes properly?
