Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 17 replies
  • Answers 3 answers
  • Subscribers 43 subscribers
  • Views 4082 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Unable to access to internal server web from outside through DNAT firewall rule

Rachid MAZOUZI

Hello Please be informed that i have an ERP which is accessible locally "LAN" but when i tried to access from outside im not able to, however i set up a DNAT rule please find below the screenshot it is in french language 

i set up port forwarder on the router

Please can you assist me to solv this issue , iperfomed test with telnet ip affected to port WAN & numer of port opened



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to Rachid MAZOUZI

    Very simple your external port range should be 1:65535.

    Ian

    XG115W - v20.0.3 MR-3 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Rachid MAZOUZI

    Good day Rachid,

    I suggest, if you are still having difficulty, to use the NAT Server Access Assistant found here:
    Rules and policies > NAT rules > Add NAT rule > Server access assistant (DNAT)

    I just tried this for an internal server.  It asks a couple of questions then automatically creates the DNAT & Reflexive rules along with the required firewall rule.  This only took a minute or two to get working for my particular server.

  • 0 in reply to Casual_User

    To follow-up on this, it appears you can only configure internal servers using IPv4 and not IPv6.  Unless I am missing something, the NAT and firewall rules for IPv6 have no #Ports meaning I cannot configure them to receive requests incoming on any #Ports.

  • 0 in reply to Casual_User

    Thank You Very Much i will try your solution.

  • 0 in reply to Rachid MAZOUZI

    Your Policy Check will not work that way because you try from the same IP as you try to access. 

    Try as a source IP in the Policy Check 1.2.3.4 to check, if the internet has access. If still no FW rule is matching, your firewall rule is not right. But try in the policy check: tcp://YOURWANIP:8244 instead. I am not sure, if you do https:// here, if it does not try 443 instead. 

    __________________________________________________________________________________________________________________

Unfiltered HTML