David Barman
asked on
Watchguard Port Translation
Need some assistance with Watchguard XTM515 firewall configuration. We are installing a new PBX and the vendor requires some port translation and I am having difficulty figuring out how to configure the firewall to accommodate the needs.
We need the following:
Port: 16000-16511 UDP to internal IP address 10.0.0.12,
Port 5060 UDP to internal IP address number 10.0.0.11,
Port 6050 UDP (SIP) needs port number conversion to port 5060UDP Port 2727 UDP (MGCP) to internal IP address number 10.0.0.11,
Port 9300 UDP (PTAP) to internal IP address number 10.0.0.11
The 1st, 2nd, and 3rd are straightforward. The third line with the port translation is where I am having difficulty.
Any help would be appreciated.
We need the following:
Port: 16000-16511 UDP to internal IP address 10.0.0.12,
Port 5060 UDP to internal IP address number 10.0.0.11,
Port 6050 UDP (SIP) needs port number conversion to port 5060UDP Port 2727 UDP (MGCP) to internal IP address number 10.0.0.11,
Port 9300 UDP (PTAP) to internal IP address number 10.0.0.11
The 1st, 2nd, and 3rd are straightforward. The third line with the port translation is where I am having difficulty.
Any help would be appreciated.
ASKER
So I need to make (2) different SNAT entries, one for port 5060 and another for port 2727?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
AFAIK you can't have a single incoming port translated into two different ports as the firewall will simply not understand which port is should be using to send the traffic to the device (unless it's one port from one source and another port from a different source in which case it will be two separate firewall policies).