Webserver protection vs Firewall nat rules

Question

I was only successful using the webserver protection option to setup an internal webserver with its own external static ip address. For some reason using various NAT rules/firewall rules I couldn't succeed. Very basic setup, is that the only way to setup webservers?

my example: firewall external ip address xx.***.***.5
webserver via external: xx.***.***.6
used dnat rules to take traffic from any, using http, to external (.6) change dest to internal webserver, service to http

also, noticed that using webserver protection doesn't create any firewall rules?

This thread was automatically locked due to age.

DouglasFoster · Accepted Answer

Not sure that I can help with your question, but I can strongly recommend that you put a WAF in front of every website published to the internet. 
 If someone creates a bogus reply to your web site, sending 500 text characters instead of the five digits that you are expecting for a US postal zipcode: 
 
 Will your application handle the attack? 
 Will your webserver do something crazy before your application even sees the attack? 
 Do you have any idea how to test for this type of attack? 
 
 The answer to all three are probably "I don't know and I don't want to find out by surprise." 
 WAF is the defense that saves you from these types of attacks. 
 Test your WAF configuration to ensure it is locked down as tightly as possible without breaking something. In case you have not seen this elsewhere my process is: 
 
 Set defense mode to Monitor. 
 Test with known-good traffic. 
 Export the logs and review for problems. 
 Fix the problems and retest until it comes out clean. 
 One thing to look for when rigid filtering is enabled: look for rule ID numbers in square braces [90210]. Add these to the strict filter rule exception list., because they represent false positives. 
 When the test come back with no false positives, switch the firewall mode to block bad traffic

Then I suggest that you declare success and move on to a different problem.