Access internal website hosted on the Windows server externally

Hello, we have created a website that is hosted internally and can be accessed. But we want that website to be accessible on the internet without VPN. (I can access it with VPN.) I created a DNAT rule to allow any traffic from outside to that server. Is there anything else I need to create? Thanks for your help.

  • Yes, I did. Just to give you an overview: the website is built by a different vendor on our development server. The domain name is the but the IP address is the dev server. Now when I try to access the website off network, I get redirected to the Sophos User Portal. If I am able to ping, doesn't that mean I should be able to access the website? My firewall rule is Any->HTTP->WAN Dev server. That's the traffic coming from outside to inside. I had also created a rule that would allow traffic from inside to outside, but that didn't help either.

  • Applying rules to work with WAF and setting up WAF at the same time won't help your cause; they will battle each other for the title, so to speak, and I believe the firewall rules > WAF when it comes to the order in the UTM world.

    The rule shouldn't be needed if you are using WAF.  PING is just an acknowledgment of a packet.  It sounds like maybe your Network Definitions are off with this?  Did you check those to make sure your definition is correct?  Like I said before, you are most likely just pinging your external IP address that probably houses more than a website.  From what I can tell your WAF looks okay; I would make sure the definition is pointing to the correct IP and any other rules you have related to your dev server.

    EDIT:  Do you have more than one external IP and does your dev server 'own' one of them for itself?  Or, are you using only one external IP and using A records in DNS for your subdomains?

    UTM - 9.712 | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SATA HDD | GB Ethernet x5

  • The DEV server has its own External IP. 

    Right now in definitions I have the Dev server name pointing to the IP. Should I maybe also have another definition to point just the domain name ( to the same Dev IP? I am checking the definition and the rules again now.

  • Just check your DNS to make sure your DNS name is directing to the same IP.

    Are there any WAF logs to show an attempted connection/refusal when you try to access it?
