
Web Server on VLAN

Hello Everyone,

I am having a little configuration issue with my web server on a VLAN. All my VLANs have internet access but I can't seem to access my web server from outside my network. Can anyone post an example firewall rule from Public IP to VLAN please?

Thanks

Mark



Added TAGs
[edited by: Erick Jan at 9:38 AM (GMT -7) on 14 Aug 2024]
  • So, I think I am missing something here when it comes to the Sophos Setup Assistant for DNAT. When I launch it, I get prompted for the Internet IP of the Webserver which I added under Hosts and Services. I then get asked for the Public IP which again I added via Hosts and Services. Then services to allow and who externally can access these internal services which is any.

    It creates the DNAT with loopback and Reflective rules including an incoming firewall rule. My issue is I am not defining when the incoming traffic hits the LAN that it then gets filtered to the specific VLAN with that static IP.  There is clearly a step missing here as the switch has three VLANs and unless the incoming traffic knows which VLAN to look for it won’t pass the traffic.

    I added the Webserver VLAN #Port1.40 to the DMZ zone, but it did not make much of a difference. So, based on this, can someone explain if I have missed a step with routing the traffic? I saw somewhere that someone bridged the ports and added a static route, but I am not sure if this is needed.
