Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Web Server on VLAN

Hello Everyone,

I am having a little configuration issue with my web server on a VLAN. All my VLANs have internet access but I can't seem to access my web server from outside my network. Can anyone post an example firewall rule from Public IP to VLAN please?

Thanks

Mark



This thread was automatically locked due to age.
Parents
  • So, I think I am missing something here when it comes to the Sophos Setup Assistant for DNAT. When I launch it, I get prompted for the Internet IP of the Webserver which I added under Hosts and Services. I then get asked for the Public IP which again I added via Hosts and Services. Then services to allow and who externally can access these internal services which is any.

    It creates the DNAT with loopback and Reflective rules including an incoming firewall rule. My issue is I am not defining when the incoming traffic hits the LAN that it then gets filtered to the specific VLAN with that static IP.  There is clearly a step missing here as the switch has three VLANs and unless the incoming traffic knows which VLAN to look for it won’t pass the traffic.

    I added the Webserver VLAN #Port1.40 to the DMZ zone, but it did not make much of a difference. So, based on this can someone explain if I have missed a step with routing the traffic I saw somewhere someone bridged the ports and added a static route but not sure if this is needed.

Reply
  • So, I think I am missing something here when it comes to the Sophos Setup Assistant for DNAT. When I launch it, I get prompted for the Internet IP of the Webserver which I added under Hosts and Services. I then get asked for the Public IP which again I added via Hosts and Services. Then services to allow and who externally can access these internal services which is any.

    It creates the DNAT with loopback and Reflective rules including an incoming firewall rule. My issue is I am not defining when the incoming traffic hits the LAN that it then gets filtered to the specific VLAN with that static IP.  There is clearly a step missing here as the switch has three VLANs and unless the incoming traffic knows which VLAN to look for it won’t pass the traffic.

    I added the Webserver VLAN #Port1.40 to the DMZ zone, but it did not make much of a difference. So, based on this can someone explain if I have missed a step with routing the traffic I saw somewhere someone bridged the ports and added a static route but not sure if this is needed.

Children
No Data