Access internal website hosted on the Windows server externally

Hello, we have created a website that is hosted internally and can be accessed. But we want that website to be accessible on the internet without VPN. (I can access it with VPN.) I created a DNAT rule to allow any traffic from outside to that server. Is there anything else I need to create? Thanks for your help.

  • Hi Baflson..

    This did not help. I created a rule which let me access the website on VPN. I am also able to ping the website from an external network but I can't access it from the browser. 


  • You are most likely just pinging your external IP address which hosts more than a website I am guessing.

    If you couldn't access your site after setting up Webserver, then it is either incorrect or you have a routing issue.

    You may want to post some screenshots of your setup of Webserver Protection. 

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • This Ping is from an external network. I am not on VPN.

  • After creating the WAF did you disable your DNAT rule and try?

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • Yes I did.. Just to give you an overview. The website is built by a different vendor on our development server. The domain name is the but the IP address is the dev server. Now when I try to access the website off network I get redirected to the Sophos User portal. If I am able to ping, doesn't that mean I should be able to access the website? My firewall rule is Any->HTTP->WAN Dev server. That's the traffic coming from outside to inside. I had also created a rule that would allow traffic from inside to outside but that didn't help either.

  • Applying rules to work with WAF and setting up WAF at the same time won't help your cause, they will battle each other for the title, so to speak and I believe the firewall rules > WAF when it comes to the order in the UTM world.  

    The rule shouldn't be needed if you are using WAF.  PING is just an acknowledgment of a packet.  It sounds like maybe your Network Definitions are off with this?  Did you check those to make sure your definition is correct?  Like I said before, you are most likely just pinging your external IP address that probably houses more than a website.  From what I can tell your WAF looks okay; I would make sure the definition is pointing to the correct IP and any other rules you have related to your dev server.

    EDIT:  Do you have more than one external IP and does your dev server 'own' one of them for itself?  Or, are you using only one external IP and using A records in DNS for your subdomains?

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • The DEV server has its own External IP. 

    Right now in definitions I have the Dev server name pointing to the IP. Should I maybe also have another definition to point just the domain name ( to the same Dev IP? I am checking the definition and the rules again now.

  • Just check your DNS to make sure your DNS name is directing to the same IP.

    Are there any WAF logs to show an attempted connection/refusal when you try to access it?

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)
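
An added example, not part of any post in this thread: a Python check that walks the layers discussed above (DNS name to published IP, HTTP on the published port, redirect target) and reports the first one that fails, since a ping reply tests none of them. The function names, the report fields and the choice to flag any redirect to a different host or port are assumptions of this sketch.

```python
import http.client
import socket
from urllib.parse import urlsplit

def http_probe(ip, port, hostname, timeout=5.0):
    """GET / on ip:port, sending the site's Host header; return (status, Location)."""
    conn = http.client.HTTPConnection(ip, port, timeout=timeout)
    try:
        conn.request("GET", "/", headers={"Host": hostname})
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def check_published_site(hostname, expected_ip, port=80,
                         resolve=socket.gethostbyname, probe=http_probe):
    """Check DNS, then HTTP, then the redirect target; stop at the first failure."""
    report = {"dns_ip": None, "http_status": None, "location": None}
    try:
        report["dns_ip"] = resolve(hostname)
    except OSError as exc:
        return {**report, "verdict": f"DNS lookup failed: {exc}"}
    if report["dns_ip"] != expected_ip:
        return {**report,
                "verdict": "DNS name resolves to a different IP than the one published"}
    try:
        status, location = probe(expected_ip, port, hostname)
    except (OSError, http.client.HTTPException) as exc:
        return {**report,
                "verdict": f"port {port} not reachable ({exc}); a ping reply does not test this"}
    report.update(http_status=status, location=location)
    if 300 <= status < 400 and location:
        target = urlsplit(location)
        # A redirect to another host or port means something other than the
        # site answered first (in the thread: the firewall's user portal).
        if target.hostname not in (None, hostname) or target.port not in (None, port):
            return {**report, "verdict": f"redirected away from the site to {location}"}
    return {**report, "verdict": "web server answered for this hostname"}
```

Run it from a host outside the network with the public DNS name and the external IP assigned to the dev server; `resolve` and `probe` can be replaced to test the logic without network access.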