Firebox X Edge NAT issue

Posted on 2012-04-04
Last Modified: 2012-04-15
Trying to configure a NAT on a Watchguard Firebox X Edge v7.5.  We need to allow an external IP to see an internal/trusted IP to allow printing over a WiFi connection.  We have set the filter rule on the firewall, however the connection is not working, nor can we telnet to the address from the wireless connection on port 9100.

Please see attachment for current setup

I guess we need to know if this device can even do what we are asking, if so, then what we are missing or doing wrong.  Thanks in advance.
Question by:rmj6969

Expert Comment

ID: 37809443
You wish to allow incoming connection from internet, if yes, then modify the source From IP in firebox001.jpg. Remove the IP and put the public IP instead.

If you have say optional and trusted network; with being on optional then this should work.

Please give some details on the setup.

Thank you.

Author Comment

ID: 37810559
Ok, here is the setup.  We are on a hospital network (see attached image 004 for connection info).  We are also on their wireless network which is a different IP net.  The hospital IT dept. has set up the wireless NET to see the 10.5.17.* NET that we connect to.  So on our end we need to enable or allow the IPs they have given us for NAT'g to devices on our Trusted NET for the wireless devices (laptops, etc.) to be able to print, see the server, etc.

We were asked to NAT the following: > port 443 > server) port 443 > port 9100

The wireless NET (10.50.57.*) needs to be able to see the addresses above.

The wireless NET does see the External address of, we can telnet this and connect, but not the above addresses.

Author Comment

ID: 37811928
The Device is a Watchguard Firebox Edge 7.5
Build 19
Boot Rom - 7.2.1
Model X5


Expert Comment

ID: 37814929
Please ensure that there is no blocked subnet or under Firewall->Blocked Sites.

Please note as you are running the 7.5 version of WG software you cannot use more than public IP address on the external interface.

You can only create incoming service to allow inbound traffic on IP of external interface: WG would not listen to other IP addresses and would not NAT the traffic to internal hosts on other IP address.

>> We were asked to NAT the following:
>> > port 443
>> > server) port 443
>> > port 9100

Instead you can use IP and use different ports to forward traffic to subnet.

You would create custom service. As per firebox001.jpg; change Allow from to either ANY or or if you wish only specific machines then specify individual/range IPs of those hosts.

Please let me know if you need more details.

Thank you.

Author Comment

ID: 37815080
Can you give me an example of what you mean below:

Instead you can use IP and use different ports to forward traffic to subnet.

You would create custom service. As per firebox001.jpg; change Allow from to either ANY or or if you wish only specific machines then specify individual/range IPs of those hosts.

Accepted Solution

dpk_wal earned 500 total points
ID: 37815372
What I mean is that on the IP; configure service to allow inbound traffic.

So, -> TCP/443 -> server) TCP/444 [or any other port; you would need to configure fax server to listen on some other port] -> TCP/9100

You would create three custom services; and for configure incoming as Allowed; from ANY; to internal-ip as above.

Further, from 10.5/16 subnet to access printer/fax server/server you would use IP

All the hosts on subnet would continue to use 192.168.1.x IP for the specific servers.

Please implement and update.

Thank you.
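
A way to sanity-check a forwarding plan like the one described above before entering it on the firewall, as an added example that is not part of the original answer and not WatchGuard tooling. It assumes a single external IP, so each external port can point at only one internal host; the rule names and host addresses are constructed placeholders, and only the 192.168.1.x and 10.50.57.* networks come from the thread.

```python
import ipaddress
from collections import defaultdict

# Constructed sample plans. Each rule is:
# (name, external_port, internal_ip, internal_port, allowed_source)
# Host addresses are placeholders, not values from the thread.
PLAN = [
    ("server-https", 443, "192.168.1.10", 443, "ANY"),
    ("fax-https", 443, "192.168.1.11", 443, "ANY"),  # reuses external port 443
    ("printer-raw", 9100, "192.168.1.20", 9100, "10.50.57.0/24"),
]

# Same services after moving the fax server to 444 and narrowing the source
# to the wireless network instead of ANY.
FIXED_PLAN = [
    ("server-https", 443, "192.168.1.10", 443, "10.50.57.0/24"),
    ("fax-https", 444, "192.168.1.11", 444, "10.50.57.0/24"),
    ("printer-raw", 9100, "192.168.1.20", 9100, "10.50.57.0/24"),
]


def check_plan(plan, trusted_net="192.168.1.0/24"):
    """Return a list of (finding, detail) tuples for a port-forward plan."""
    findings = []
    trusted = ipaddress.ip_network(trusted_net)
    by_port = defaultdict(list)
    for name, ext_port, int_ip, _int_port, source in plan:
        by_port[ext_port].append(name)
        # The forward target must be a host on the trusted network.
        if ipaddress.ip_address(int_ip) not in trusted:
            findings.append(("target-outside-trusted", name))
        # Report rules open to every source so they can be narrowed.
        if source.upper() == "ANY":
            findings.append(("source-any", name))
        else:
            ipaddress.ip_network(source, strict=False)  # ValueError if malformed
    # With one external IP, an external port can be forwarded only once.
    for ext_port, names in sorted(by_port.items()):
        if len(names) > 1:
            findings.append(("port-collision", f"{ext_port}: {', '.join(names)}"))
    return findings


if __name__ == "__main__":
    for label, plan in (("original", PLAN), ("fixed", FIXED_PLAN)):
        print(label, check_plan(plan))
```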

Author Comment

ID: 37848488

So ever since I configured the router in the way you explained, all devices are able to be connected to, except now a PC that had a RDP cannot be connected to.  We cannot RDP to only one PC that does have a rule in the router for RDP, I also cannot telnet into it using port 3389.  I can however RDP into any other PC including the server.  This is all local area network.  I have checked the PC in question, firewall, etc. and nothing has changed.  It seems to be a coincidence that this is happening, but I thought if you had any insight in the matter.  The RDP rule on the router for this PC is:

Port used: 3389
Allow IP from ANY(
