Setting Up a DMZ on WatchGuard X 750 e

I am setting up a DMZ on a WatchGuard firewall. I am not familiar with WatchGuard, so I have been going step by step. Here is what I have done so far: configured the 3rd port on the FW to be Optional with a private IP range of 10.0.x.x/24; I then added a switch behind the firewall with an IP on the same subnet, then configured the test server to have a static IP on the same subnet and used the optional interface as the default gateway. I need to NAT this address to allow the outside to hit it in the DMZ. I can get to the server from my trusted interface but not by the IP using the browser. I have a 1-to-1 NAT of External, 1 host, NAT Base 158.96.X.X (the reserved public address) to Real Base 10.0.x.x (private). My incoming HTTP rule is any to the 158.96.x.x address. What am I missing? I know this might not be difficult for some, but it's driving me crazy, so to me it's worth max points. Thanks for any help you can provide.
F_DAmico Asked:

dpk_wal Commented:
All things look good to me; few questions:

The public IP in question 158.96.X.X is not the interface IP of external interface on WG firewall, want to be sure.

From the server in DMZ can you ping:
 1- the WG optional interface IP, if yes, proceed [if no, then check the internal connectivity]
 2- the WG external interface IP, if yes, proceed [if no, then NAT is not working]
 3- the WG external gateway IP, if yes, proceed [if no, then NAT is not working]
 4- any website public IP, if yes, proceed [if no, then NAT is not working]
 5- any website by name, if yes, then things should work  [if no, then there is DNS issue]

Enable logging on the service for all allowed/denied packets; please post few sanitized logs from traffic monitor which would help understand where the problem is.

Thank you.
0
F_DAmico (Author) Commented:

Hi DPK WAL,

I was able to do all of the below from the DMZ server. I am fine from inside to out; I just can't get from the outside in. Will post logs ASAP.

 1- the WG optional interface IP, if yes, proceed [if no, then check the internal connectivity]
 2- the WG external interface IP, if yes, proceed [if no, then NAT is not working]
 3- the WG external gateway IP, if yes, proceed [if no, then NAT is not working]
 4- any website public IP, if yes, proceed [if no, then NAT is not working]
 5- any website by name, if yes, then things should work  [if no, then there is DNS issue]
0
dpk_wal Commented:
Can you also post: if you go to the website www.whatismyip.com, do you see your external interface IP or the 1-1 NAT public IP? You should see the 1-1 NAT public IP.

Thank you.
0

F_DAmico (Author) Commented:
I went out from the DMZ server and it shows the NATed public IP of the server.
0
dpk_wal Commented:
Can you please post a few sanitized logs, as requested earlier?

Thank you.
0

F_DAmico (Author) Commented:
I got it working. Part of the reason I wasn't seeing traffic was that the ISP was filtering HTTP traffic. I needed to request that the ISP allow HTTP to this specific server address in the DMZ. The T/S tips really helped to establish what was going on, especially checking What's My IP, which showed that the NATed IP was correct.
0
F_DAmico (Author) Commented:
The T/S tips led me to the answer and solved my problem.
0
dpk_wal Commented:
Thank you for the update and points.
0
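
The checks this thread relies on, collected into a script as an added example (not code from either participant): the five-step ping ladder run from the DMZ server, plus the comparison of the address an outside "what is my IP" page reports against the 1-to-1 NAT public IP. It assumes a POSIX shell and Linux-style `ping` flags on the DMZ server; `probe`, `step_info`, `run_ladder` and `egress_check` are names made up for the example, and every address is supplied by the operator.

```shell
#!/bin/sh
# Added example: the thread's ping ladder, stopping at the first failure.

# probe TARGET: succeeds if TARGET answers one ICMP echo within 2 seconds.
# Assumption: Linux iputils ping flags on the DMZ host.
probe() { ping -c 1 -W 2 "$1" >/dev/null 2>&1; }

# step_info N: prints "what is pinged|diagnosis if it fails", as worded in the thread.
step_info() {
  case "$1" in
    1) echo "WG optional interface IP|check the internal connectivity" ;;
    2) echo "WG external interface IP|NAT is not working" ;;
    3) echo "WG external gateway IP|NAT is not working" ;;
    4) echo "website public IP|NAT is not working" ;;
    5) echo "website by name|DNS issue" ;;
  esac
}

# run_ladder OPT_IF EXT_IF EXT_GW SITE_IP SITE_NAME
# Returns 0 if every step passes, otherwise the number of the failing step.
run_ladder() {
  [ "$#" -eq 5 ] || { echo "usage: run_ladder OPT_IF EXT_IF EXT_GW SITE_IP SITE_NAME" >&2; return 64; }
  n=0
  for target in "$@"; do
    n=$((n + 1))
    info=$(step_info "$n")
    if ! probe "$target"; then
      echo "step $n FAIL: ${info%%|*} ($target): ${info#*|}"
      return "$n"
    fi
    echo "step $n ok: ${info%%|*} ($target)"
  done
  echo "steps 1-5 ok: inside-to-outside path and DNS work"
}

# egress_check SEEN NAT_IP EXT_IF_IP
# SEEN is the address an outside "what is my IP" page reports for the DMZ server.
egress_check() {
  if [ "$1" = "$2" ]; then echo "1-to-1 NAT applied"
  elif [ "$1" = "$3" ]; then echo "leaving via external interface IP; 1-to-1 NAT not applied"
  else echo "unexpected source address $1"; fi
}

# Run the ladder only when five targets are given on the command line.
if [ "$#" -eq 5 ]; then run_ladder "$@"; fi
```

Passing both checks only confirms the inside-to-outside direction; in this thread the remaining fault was the ISP filtering inbound HTTP.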