Watchguard redirect

Posted on 2009-02-11
Last Modified: 2013-11-16
I need to set up our WatchGuard (X1000, Fireware v8.2.1) to redirect traffic from a specific external host via an unused external IP address from our ISP, to an internal server, limited to a single port.

In a little more detail, I need an external server to communicate directly with an internal server. The external server will initiate the communication. The communication will only use a single, known port. I'd like to use one of our external IP addresses from our ISP that is not currently in use.

So the firewall rule will look something like
From: External Host
To: Our External Unused IP, redirected to an Internal Host
On Port: xxx

I'm sure this should be fairly straightforward, but the actual configuration steps are defeating me at the moment. Can anyone help, please?
Question by:sustrans

Accepted Solution

by:dpk_wal
ID: 23619062
In Policy Manager, click the "+" icon to add a service [we need to add a custom service if there is no pre-created policy for the said port]; configure the service as below:
Enabled and Allowed; from External Host; to static-NAT_OR_1-1-NAT-to-internal-server

The steps for implementing static NAT/1-1 NAT depend on the software version of the WatchGuard.

In 7.x, we would first go to Network->configuration and add an alias; then in the policy/service, TO part; click ADD->NAT; select the IP added from the drop-down list; specify the internal machine IP.
For 1-1 NAT we would go to Setup->NAT->Advanced->1-1 NAT; here we would enable it and then add an entry for public IP/private IP; also add a NAT exception from the machine's internal IP to external. After this, in the service, we would go to the TO part; click Add->Add Other; specify the 1-1 NAT IP public IP.

In 8.x or higher, for static NAT we would go to Network->Configuration->Add secondary network on External interface; and then in the policy/service, TO part; click ADD->NAT; select the IP added from the drop-down list; specify the internal machine IP.
For 1-1 NAT we would go to Network->NAT->1-1 NAT; here we would enable it and then add an entry for public IP/private IP. After this, in the service, we would go to the TO part; click Add->Add Other; specify the 1-1 NAT IP public IP.

Please let me know if you need more details.

Thank you.

Author Closing Comment

by:sustrans
ID: 31546116
Thanks dpk_wal, spot-on advice. Regards, Simon