F_DAmico

asked on

Setting Up a DMZ on WatchGuard X 750 e

I am setting up a DMZ on a WatchGuard firewall. I am not familiar with WatchGuard, so I have been going step by step. Here is what I have done so far: configured the 3rd port on the FW to be Optional with a private IP range of 10.0.x.x/24; I then added a switch behind the firewall with an IP on the same subnet, then configured the test server to have a static IP on the same subnet and used the optional interface as the default gateway. I need to NAT this address to allow the outside to hit it in the DMZ. I can get to the server from my trusted interface but not by the IP using the browser. I have a 1 to 1 NAT of External, 1 host, NAT Base 158.96.X.X (the reserved public address) to Real Base 10.0.x.x (private). My incoming HTTP rule is any to the 158.96.x.x address. What am I missing? I know this might not be difficult for some, but it's driving me crazy, so to me it's worth max points. Thanks for any help you can provide.
dpk_wal

All things look good to me; a few questions:

The public IP in question 158.96.X.X is not the interface IP of external interface on WG firewall, want to be sure.

From the server in DMZ can you ping:
 1- the WG optional interface IP, if yes, proceed [if no, then check the internal connectivity]
 2- the WG external interface IP, if yes, proceed [if no, then NAT is not working]
 3- the WG external gateway IP, if yes, proceed [if no, then NAT is not working]
 4- any website public IP, if yes, proceed [if no, then NAT is not working]
 5- any website by name, if yes, then things should work  [if no, then there is DNS issue]

Enable logging on the service for all allowed/denied packets; please post a few sanitized logs from the traffic monitor, which would help understand where the problem is.

Thank you.
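The five outbound checks listed in the answer above, as an added example (not part of the original thread) meant to be run from the DMZ server. It assumes a Unix-like server with a `ping` that accepts `-c`; the page does not state the server's OS, and the function names `probe` and `ladder` and all addresses passed in are hypothetical and operator-supplied.

```shell
#!/bin/sh
# Added example: the answer's five-step outbound check, stopping at the first
# failure and reporting the diagnosis the answer attaches to that step.

# probe HOST: one ICMP echo request. Assumption: ping supports -c.
# Override this function to use a different reachability test.
probe() {
    ping -c 1 "$1" >/dev/null 2>&1
}

# ladder OPT_IF EXT_IF EXT_GW PUBLIC_IP NAME
#   OPT_IF    firewall optional (DMZ) interface IP
#   EXT_IF    firewall external interface IP
#   EXT_GW    firewall external gateway IP
#   PUBLIC_IP any website's public IP
#   NAME      any website by name
# Returns the number of the first failing step, or 0 when all five pass.
ladder() {
    step=0
    for target in "$@"; do
        step=$((step + 1))
        if probe "$target"; then
            echo "step $step ok: $target"
            continue
        fi
        case $step in
            1)     echo "step 1 failed ($target): check internal connectivity" ;;
            2|3|4) echo "step $step failed ($target): NAT is not working" ;;
            5)     echo "step 5 failed ($target): DNS issue" ;;
        esac
        return "$step"
    done
    echo "all steps ok: outbound path, NAT and DNS work"
    return 0
}

# Run only when all five targets are given on the command line.
if [ "$#" -eq 5 ]; then
    ladder "$@"
fi
```

As the rest of the thread shows, a clean pass covers only the outbound direction; reaching the server from the outside in has to be tested separately.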
F_DAmico

ASKER


Hi DPK WAL,

I was able to do all of the below from the DMZ server. I am fine from inside to out; I just can't get from the outside in. Will post logs ASAP.

 1- the WG optional interface IP, if yes, proceed [if no, then check the internal connectivity]
 2- the WG external interface IP, if yes, proceed [if no, then NAT is not working]
 3- the WG external gateway IP, if yes, proceed [if no, then NAT is not working]
 4- any website public IP, if yes, proceed [if no, then NAT is not working]
 5- any website by name, if yes, then things should work  [if no, then there is DNS issue]
Can you also post, if you go to the website www.whatismyip.com, whether you see your external interface IP or the 1-1 NAT public IP; you should see the 1-1 NAT public IP.

Thank you.
I went out from the DMZ server and it shows the NATed public IP of the server.
ASKER CERTIFIED SOLUTION
dpk_wal
This solution is only available to members.
I got it working. Part of the reason I wasn't seeing traffic was that the ISP was filtering HTTP traffic. I needed to request that the ISP allow HTTP to this specific server address in the DMZ. The T/S tips really helped to establish what was going on, especially checking What's my IP, which showed that the NATed IP was correct.
The T/S tips led me to the answer and solved my problem.
Thank you for the update and points.