Setting Up a DMZ on WatchGuard X 750 e

I am setting up a DMZ on a WatchGuard firewall. I am not familiar with WatchGuard, so I have been going step by step. Here is what I have done so far: configured the 3rd port on the FW to be Optional with a private IP range of 10.0.x.x/24; I then added a switch behind the firewall with an IP on the same subnet, then configured the test server to have a static IP on the same subnet and used the optional interface as the default gateway. I need to NAT this address to allow the outside to hit it in the DMZ. I can get to the server from my trusted interface but not by the IP using the browser. I have a 1-to-1 NAT of External, 1 host, NAT Base 158.96.X.X (the reserved public address) to Real Base 10.0.x.x (private). My incoming HTTP rule is any to the 158.96.x.x address. What am I missing? I know this might not be difficult for some, but it's driving me crazy, so to me it's worth max points. Thanks for any help you can provide.
F_DAmico Asked:
dpk_wal Commented:
Can you please post a few sanitized logs as requested earlier.

Thank you.
 
dpk_wal Commented:
All things look good to me; a few questions:

The public IP in question, 158.96.X.X, is not the interface IP of the external interface on the WG firewall; I want to be sure.

From the server in the DMZ, can you ping:
 1- the WG optional interface IP, if yes, proceed [if no, then check the internal connectivity]
 2- the WG external interface IP, if yes, proceed [if no, then NAT is not working]
 3- the WG external gateway IP, if yes, proceed [if no, then NAT is not working]
 4- any website public IP, if yes, proceed [if no, then NAT is not working]
 5- any website by name, if yes, then things should work [if no, then there is a DNS issue]

Enable logging on the service for all allowed/denied packets; please post a few sanitized logs from the traffic monitor, which would help understand where the problem is.

Thank you.
 
F_DAmico Author Commented:

Hi DPK WAL,

I was able to do all of the below from the DMZ server. I am fine from inside to out; I just can't get from the outside in. Will post logs ASAP.

 1- the WG optional interface IP, if yes, proceed [if no, then check the internal connectivity]
 2- the WG external interface IP, if yes, proceed [if no, then NAT is not working]
 3- the WG external gateway IP, if yes, proceed [if no, then NAT is not working]
 4- any website public IP, if yes, proceed [if no, then NAT is not working]
 5- any website by name, if yes, then things should work [if no, then there is a DNS issue]
 
dpk_wal Commented:
Can you also post what you see if you go to the website www.whatismyip.com: do you see your external interface IP or do you see the 1-1 NAT public IP? You should see the 1-1 NAT public IP.

Thank you.
 
F_DAmico Author Commented:
I went out from the DMZ server and it shows the NATed public IP of the server.
 
F_DAmico Author Commented:
I got it working. Part of the reason I wasn't seeing traffic was that the ISP was filtering HTTP traffic. I needed to request that the ISP allow HTTP to this specific server address in the DMZ. The TS tips really helped to establish what was going on, especially checking What's My IP, which showed that the NATed IP was correct.
 
F_DAmico Author Commented:
The T/S tips led me to the answer and solved my problem.
 
dpk_wal Commented:
Thank you for the update and points.
Question has a verified solution.
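
The troubleshooting sequence from this thread (the five outbound checks, the what-is-my-IP comparison, and the firewall-log check that pointed at the ISP) can be walked in order from the DMZ server. This is an added example, not code from either poster; the addresses in `CFG` are constructed placeholders, step 5 tests name resolution rather than pinging by name, and reading "no inbound log entry" as upstream filtering is an inference from how this thread was resolved.

```python
import platform
import socket
import subprocess

# Constructed placeholder addresses (RFC 1918 / RFC 5737); substitute your own.
CFG = {
    "optional_if": "10.0.0.1",          # firewall optional (DMZ) interface
    "external_if": "192.0.2.2",         # firewall external interface
    "external_gw": "192.0.2.1",         # ISP gateway
    "public_site_ip": "198.51.100.80",  # any public web server IP
    "public_site_name": "example.com",  # any public hostname
    "nat_public_ip": "192.0.2.10",      # public side of the 1-to-1 NAT
}

def ping(host):  # one ICMP echo via the system ping; True if it exits 0
    count = "-n" if platform.system() == "Windows" else "-c"
    return subprocess.run(["ping", count, "1", host], capture_output=True).returncode == 0

def resolves(name):  # True if the hostname resolves through the server's DNS
    try:
        return bool(socket.gethostbyname(name))
    except OSError:
        return False

def outbound_ladder(cfg, ping=ping, resolve=resolves):
    # The five steps in order; returns the first failure's verdict, else None.
    steps = [("optional_if", ping, "check internal connectivity"),
             ("external_if", ping, "NAT is not working"),
             ("external_gw", ping, "NAT is not working"),
             ("public_site_ip", ping, "NAT is not working"),
             ("public_site_name", resolve, "DNS issue")]
    for n, (key, probe, verdict) in enumerate(steps, 1):
        if not probe(cfg[key]):
            return f"step {n} ({key}={cfg[key]}): {verdict}"
    return None

def diagnose(cfg, seen_ip, inbound_logged, ping=ping, resolve=resolves):
    # seen_ip: what a what-is-my-IP page shows; inbound_logged: outside hit seen in the log
    failed = outbound_ladder(cfg, ping, resolve)
    if failed:
        return failed
    if seen_ip != cfg["nat_public_ip"]:
        return "outbound traffic is not leaving as the 1-to-1 NAT public IP"
    if not inbound_logged:
        return "no inbound packets at the firewall: suspect upstream (ISP) filtering"
    return "inbound packets reach the firewall: review the policy's allow/deny log lines"

if __name__ == "__main__":
    print(diagnose(CFG, seen_ip="192.0.2.10", inbound_logged=False))
```

`inbound_logged` is only meaningful once logging of allowed and denied packets is enabled on the HTTP policy, as requested in the thread.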
