Access internal website hosted on the Windows server externally

Hello, we have created a website that is hosted internally and can be accessed. But we want that website to be accessible on the internet without VPN. (I can access it with VPN.) I created a DNAT rule to allow any traffic from outside to that server. Is there anything else I need to create? Thanks for your help.

  • After creating the WAF did you disable your DNAT rule and try?

    UTM - 9.712 | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SATA HDD | GB Ethernet x5

  • Yes, I did. Just to give you an overview: the website is built by a different vendor on our development server. The domain name is the but the IP address is the dev server. Now when I try to access the website off network I get redirected to the Sophos User portal. If I am able to ping, doesn't that mean I should be able to access the website? My firewall rule is Any->HTTP->WAN Dev server. That's the traffic coming from outside to inside. I had also created a rule that would allow traffic from inside to outside, but that didn't help either.

  • Applying rules to work with WAF and setting up WAF at the same time won't help your cause; they will battle each other for the title, so to speak, and I believe the firewall rules > WAF when it comes to the order in the UTM world.

    The rule shouldn't be needed if you are using WAF.  PING is just an acknowledgment of a packet.  It sounds like maybe your Network Definitions are off with this?  Did you check those to make sure your definition is correct?  Like I said before, you are most likely just pinging your external IP address that probably houses more than a website.  From what I can tell your WAF looks okay; I would make sure the definition is pointing to the correct IP and any other rules you have related to your dev server.

    EDIT:  Do you have more than one external IP and does your dev server 'own' one of them for itself?  Or, are you using only one external IP and using A records in DNS for your subdomains?

    UTM - 9.712 | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SATA HDD | GB Ethernet x5

  • The DEV server has its own External IP. 

    Right now in definitions I have the Dev server name pointing to the IP. Should I maybe also have another definition to point just the domain name ( to the same Dev IP? I am checking the definition and the rules again now.

  • I didn't see your first thread, so a belated welcome to the UTM Community!

    See #2 in Rulz to understand the priorities of how an incoming packet is handled.

    Please copy here the relevant lines from the Web Application Firewall log when you try to connect from the outside.

    Cheers - Bob.

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA

  • Just check your DNS to make sure your DNS name is directing to the same IP.

    Are there any WAF logs to show an attempted connection/refusal when you try to access it?

    UTM - 9.712 | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SATA HDD | GB Ethernet x5