José Perez

Create rule in Firewall Watchguard XTM 515

Hi,
I work for a little company. We are trying to configure a legacy Watchguard Firewall but we can't figure out how to create rules for external access to an internal server through a specified port. I did this in my router at home, to redirect to my webserver, and it worked like a charm, but I see it is not the same with this Firewall device.

Can someone help us on this?

We have an external (public) IP address (suppose IP 200.200.200.200)
We have a Watchguard XTM 515 Firewall
The internal server has IP 192.168.1.100 and uses a specific port (suppose port 57690)
We want all external (internet) incoming connections to our external IP 200.200.200.200 port 57690 to be allowed and redirected to our internal IP 192.168.1.100 port 57690.

Thanks.
ASKER CERTIFIED SOLUTION
Hypercat (Deb)
PS - the above instructions depend on your having a fairly new version of the Firebox management software installed.  If you have an older version, you may have some differences in the exact procedure, but the basics are the same.
José Perez (ASKER)

That procedure works OK for 1 port but we need to add more than one port.
We added the external IP but we can't add more than 1 port. Is it possible using the same procedure, hypercat?

If you have multiple TCP/IP ports that you need to redirect from the same external IP address to the same internal server, you can edit the policy template that you used to create the rule for that server. To edit the TCP/IP ports of your existing policy template:

1.  In the main Policy Manager screen, click Edit/Add Policy on the menu.
2.  In the Add Policy window, select the existing policy template on the list at the top, and click Edit.
3.  In the Edit Policy Template window, add the TCP/IP port(s) you want to redirect to the same server.
4.  Click OK to save the changes and then click Close at the bottom of the Add Policy Template window.

This will change the ports on the policy template and on any existing policies that use that template.

If you have multiple TCP/IP ports coming in through the same external IP address but being redirected to different servers, then you have to create multiple SNAT entries and then create a policy redirecting each port to the internal IP address of the server that should get that traffic. So, you'd create a new SNAT entry, create a new policy template and then add the policy with the SNAT entry for that server in the To box (i.e., the same procedure outlined in my first post).
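
A planning check for the multi-port case described above, as an added example that is not part of the original thread or of WatchGuard's tooling: it groups the wanted forwards into the SNAT entries and policies the answer calls for, and rejects one external port mapped to two servers. The function names and every sample value other than the question's 200.200.200.200, 192.168.1.100 and 57690 are assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample: the first row uses the addresses and port from the
# question; the other rows (57691, 192.168.1.101, 8443) are made up.
SAMPLE_FORWARDS = [
    ("200.200.200.200", 57690, "192.168.1.100"),
    ("200.200.200.200", 57691, "192.168.1.100"),
    ("200.200.200.200", 8443, "192.168.1.101"),
]


def plan_forwards(forwards):
    """Group (external_ip, tcp_port, internal_ip) forwards into the firewall
    objects needed: one SNAT entry plus one policy per (external, internal)
    pair, with every port for that pair on the same policy template."""
    owner = {}                 # (external_ip, port) -> internal_ip
    plan = defaultdict(set)    # (external_ip, internal_ip) -> ports
    for ext, port, internal in forwards:
        ip_address(ext)        # ValueError on a malformed address
        ip_address(internal)
        if not 1 <= port <= 65535:
            raise ValueError(f"invalid TCP port: {port}")
        # One external IP:port can only be redirected to one server.
        if owner.setdefault((ext, port), internal) != internal:
            raise ValueError(
                f"{ext}:{port} is already forwarded to {owner[(ext, port)]}")
        plan[(ext, internal)].add(port)
    return {pair: sorted(ports) for pair, ports in plan.items()}


def exposed_ports(plan):
    """Every external (ip, port) the plan opens to the internet, for review."""
    return sorted((ext, p) for (ext, _), ports in plan.items() for p in ports)


if __name__ == "__main__":
    for (ext, internal), ports in plan_forwards(SAMPLE_FORWARDS).items():
        print(f"SNAT {ext} -> {internal}; policy template ports: {ports}")
```

The `exposed_ports` list is the set of ports reachable from the internet once the policies are saved, which is worth comparing against what the servers actually need before deploying.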