Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Port forwarding WAN to Route based VPN

I have 2 XG ver. 20 firewalls between 2 sites, both with Static public IP.

There is a SDWAN route based VPN between the 2 sites, and it works perfect. the roude precedence is SDWAN, Static, VPN.

I am trying to publish an internal server resource that resides in Site A, using the Site B WAN.

There is a firewall rule on Site B - Allow WAN to VPN, with specified TCP port number, and also a NAT rule to DNAT to the internal server.

It does not work. The packets arrive on the Site B WAN interface, and are sent out immediately on the same WAS interface, even there is an SDWAN policy to send anything destined for Site A LAN over the VPN.

I had tried using Source NAT rule as well, but the packets still exit the same WAN interface.

Edited TAGs
[edited by: Erick Jan at 4:24 AM (GMT -7) on 15 Apr 2024]