I am setting up a DMZ on a watchguard firewall. I am not familier with watchgaurd so i have been going step by step. Here is what i have done so far. configured the 3rd port on the FW to be Optional with a private IP range of 10.0..x.x/24, I then added a switch behind the firewall with a n Ip on the same subnet, then configured the test server to have static IP on the same subnet and used ithe optional interface as Default gateway. I need to net this address to allow the outside to hit it in the DMZ. I can get to the server from my trusted interface but not by the IP using the browser. I have a 1 to 1 NAt of External 1 host NAT Base 158.96.X.X (The reserved Public Address) to Real Base 10.0.x.x (private). My incoming http rule is any to the 158.96.x.x address. What am I missing? I know this might not be diffucult for some but it's driving me crazy, So To me it's worth max points, Thanks for any help you can provide.