Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Watchguard X700 Firewall - Configure Static NAT or Complete DMZ

Posted on 2010-09-20
2
Medium Priority
?
1,116 Views
Last Modified: 2012-05-10
Hi, I've got a voip application which needs either a Static NAT or a complete DMZ. Firewall is an old Watchguard X700 Firewall.

Can someone post a step by step to get the box to do DMZ to an internal machine. Statically map an external address to an internal for example.

We've done this as many times but it's just not working.

Thanks
0
Comment
Question by:binele
2 Comments
 
LVL 32

Accepted Solution

by:
dpk_wal earned 2000 total points
ID: 33730864
If you have a public IP which you would like to dedicate for the VoIP device so that WG would not do any
PAT, then configure 1-1 NAT as below:
http://watchguard.custhelp.com/app/answers/detail/a_id/1545/kw/1-1%20NAT%20configuration/session/L3NpZC9pTjd0dENhaw%3D%3D

Also, ensure that the public IP you have selected for 1-1 NAT was not previously added for static NAT forwarding by adding under external aliases:
http://watchguard.custhelp.com/app/answers/detail/a_id/1318/session/L3NpZC9pTjd0dENhaw%3D%3D

Finally create a service to allow traffic from external host/subnet to this 1-1 NAT public IP [or use ANY for testing purposes and then narrow down the service to fewer ports/protocols]; explained in the first article.

Please update.

Thank you.
0
 

Author Comment

by:binele
ID: 33734061
Thank you. This was spot on.
0

Featured Post

The Firewall Audit Checklist

Preparing for a firewall audit today is almost impossible.
AlgoSec, together with some of the largest global organizations and auditors, has created a checklist to follow when preparing for your firewall audit. Simplify risk mitigation while staying compliant all of the time!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
In the hope of saving someone else's sanity... About a year ago we bought a Cisco 1921 router with two ADSL/VDSL EHWIC cards to load balance local network traffic over the two broadband lines we have, but we couldn't get the routing to work consi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

581 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question