This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Publishing internal server(web,SSH) internet behind RED50 Standar/Split

Hello

I want to know if it is possible to publish 3 ports (8000,3000,3001) of a server connected to a RED50 in standard/split mode.
Currently it is working configuring the RED50 in standard/unified mode, but as all the traffic goes through the UTM Firewall and one of the ports is http, I would like to know if it is possible in standard/split mode?

This thread was automatically locked due to age.

Top Replies

BAlfson over 2 years ago in reply to Ruben Carreño Escalona +1

That is a DNAT and it's what is used when the server is behind the UTM and traffic arrives at the UTM on it's external address. If the topology is 'Internet <--> UTM <--> RED <--> Server', you must use…

Parents

BAlfson over 2 years ago

¡Hola! Ruben and welcome to the UTM Community!

Yes, but will the remote site be secure enough without the protection of the UTM in Standard/Unified?

You could just use a Full NAT or Webserver Protection in Standard/Unified.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
Ruben Carreño Escalona over 2 years ago in reply to BAlfson

Hello

I suppose that in standar/unified mode the remote site is more secure.
Currently it is configured in Full NAT standar/unified, but in case I may need Full NAT in standar/split mode how could it be done?
Cancel
Vote Up 0 Vote Down

Cancel
BAlfson over 2 years ago in reply to Ruben Carreño Escalona

Please insert a picture of the Edit of your current Full NAT, Ruben.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
Ruben Carreño Escalona over 2 years ago in reply to BAlfson

Hello

this is the DNAT Rule:
Cancel
Vote Up 0 Vote Down

Cancel
BAlfson over 2 years ago in reply to Ruben Carreño Escalona

That is a DNAT and it's what is used when the server is behind the UTM and traffic arrives at the UTM on it's external address.

If the topology is 'Internet <--> UTM <--> RED <--> Server', you must use a Full NAT like:

Full NAT : Internet IPv4 -> Services Geopalma -> Movistar (Address) : From Internal (Address) to Servidor Geopalma

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up +1 Vote Down

Cancel

Reply

BAlfson over 2 years ago in reply to Ruben Carreño Escalona

That is a DNAT and it's what is used when the server is behind the UTM and traffic arrives at the UTM on it's external address.

If the topology is 'Internet <--> UTM <--> RED <--> Server', you must use a Full NAT like:

Full NAT : Internet IPv4 -> Services Geopalma -> Movistar (Address) : From Internal (Address) to Servidor Geopalma

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up +1 Vote Down

Cancel

Children

Ruben Carreño Escalona over 2 years ago in reply to BAlfson

hello

is this the configuration you suggest for the full NAT?
Cancel
Vote Up 0 Vote Down

Cancel
Ruben Carreño Escalona over 2 years ago in reply to Ruben Carreño Escalona

Hello

Thank you very much for your help, that's correct, I just needed this Full NAT rule to make it work.
Cancel
Vote Up 0 Vote Down

Cancel