
Watchguard redirect

sustrans asked
Last Modified: 2013-11-16
I need to set up our Watchguard (X1000, Fireware v8.2.1) to redirect traffic from a specific external host via an unused external IP address from our ISP, to an internal server, limited to a single port.

In a little more detail I need an external server to communicate directly with an internal server. The external server will initiate the communication. The communication will only use a single, known port. I'd like to use one of our external IP addresses from our ISP that is not currently in use.

So the firewall rule will look something like
From: External Host
To: Our External Unused IP, redirected to an Internal Host
On Port: xxx

I'm sure this should be fairly straightforward, but the actual configuration steps are defeating me at the moment. Can anyone help, please?

CERTIFIED EXPERT
Top Expert 2007
Commented:
In policy manager, click "+" icon to add service [we need to add a custom service if there is no pre-created policy for the said port]; configure the service as below:
Enabled and Allowed; from External Host; to static-NAT_OR_1-1-NAT-to-internal-server

The steps for implementing static NAT/1-1 NAT depend on the software version of the WatchGuard.

In 7.x, we would first go to Network->configuration and add alias; then in the policy/service, TO part; click ADD->NAT; select the IP added from drop down list; specify the internal machine IP.
For 1-1 NAT we would go to Setup->NAT->Advanced->1-1 NAT; here we would enable and then add entry for public IP/private IP; also add NAT exception from machine internal IP to external. After this in service we would go to TO part; click Add->Add Other; specify the 1-1 NAT IP public IP.

In 8.x or higher, for static NAT we would go to Network->Configuration->Add secondary network on External interface; and then in policy/service, TO part; click ADD->NAT; select the IP added from drop down list; specify the internal machine IP.
For 1-1 NAT we would go to Network->NAT->1-1 NAT; here we would enable and then add entry for public IP/private IP. After this in service we would go to TO part; click Add->Add Other; specify the 1-1 NAT IP public IP.

Please let me know if you need more details.

Thank you.
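
Added example, not part of the original answer and not WatchGuard code: a simplified Python model of the rule described above, listing which constructed probe packets reach the internal server under static NAT and under 1-to-1 NAT. All addresses, the port, and the names `evaluate`, `exposure` and `static_nat_to` are assumptions made for illustration.

```python
# Simplified model of the rule discussed above; not WatchGuard code.
# Every address and the port are constructed placeholders.
from ipaddress import ip_address, ip_network

PARTNER = "198.51.100.25"     # assumed external host
PUBLIC_IP = "192.0.2.10"      # assumed unused ISP address
SERVER = "10.0.1.20"          # assumed internal server
PORT = 8443                   # stands in for the question's "xxx"

# The custom service from the answer: From external host, To NAT target.
# "static_nat_to" is a hypothetical field name for the policy's NAT entry.
POLICIES = [{"name": "partner-in", "from": PARTNER + "/32",
             "to": PUBLIC_IP, "port": PORT, "static_nat_to": SERVER}]


def evaluate(src, dst, dport, policies, one_to_one=None):
    """Return (policy name, translated destination) or None if dropped.

    one_to_one: optional {public_ip: private_ip} table. When set, any
    allowing policy addressed to the public IP reaches the private host.
    """
    for p in policies:
        if ip_address(src) not in ip_network(p["from"]):
            continue  # From restriction not met
        if dst != p["to"] or dport != p["port"]:
            continue  # wrong destination IP or port
        if one_to_one and dst in one_to_one:
            return p["name"], one_to_one[dst]
        if p.get("static_nat_to"):
            return p["name"], p["static_nat_to"]
    return None


def exposure(policies, one_to_one=None):
    """Probe constructed sample packets; list what reaches the server."""
    probes = [(PARTNER, PUBLIC_IP, PORT),         # intended flow
              (PARTNER, PUBLIC_IP, 22),           # right host, wrong port
              ("203.0.113.7", PUBLIC_IP, PORT),   # wrong host, right port
              ("203.0.113.7", PUBLIC_IP, 80)]     # unrelated traffic
    hits = []
    for src, dst, dport in probes:
        result = evaluate(src, dst, dport, policies, one_to_one)
        if result and result[1] == SERVER:
            hits.append((src, dport, result[0]))
    return hits
```

Calling `exposure(POLICIES)` should list only the intended flow; passing a 1-to-1 table together with any additional policy addressed to the same public IP shows how that policy also reaches the server.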


Author

Commented:
Thanks dpk_wall, spot on advice. Regards, Simon