David Barman

WatchGuard Port Translation

Need some assistance with WatchGuard XTM515 firewall configuration. We are installing a new PBX and the vendor requires some port translation, and I am having difficulty figuring out how to configure the firewall to accommodate the needs.

We need the following:

Port: 16000-16511 UDP to internal IP address 10.0.0.12,
Port 5060 UDP to internal IP address number 10.0.0.11,
Port 6050 UDP (SIP) needs port number conversion to port 5060 UDP Port 2727 UDP (MGCP) to internal IP address number 10.0.0.11,
Port 9300 UDP (PTAP) to internal IP address number 10.0.0.11

The 1st, 2nd, and 3rd are straightforward.   The third line with the port translation is where I am having difficulty.

Any help would be appreciated.
Andy M

Basically you want to create a SNAT entry for the device 10.0.0.11 with the internal port of 2727 (or 5060). Then create a firewall policy for the incoming connection (port 6050) to the SNAT (as the destination).

AFAIK you can't have a single incoming port translated into two different ports, as the firewall will simply not understand which port it should be using to send the traffic to the device (unless it's one port from one source and another port from a different source, in which case it will be two separate firewall policies).
David Barman (ASKER)

So I need to make (2) different SNAT entries, one for port 5060 and another for port 2727?
ASKER CERTIFIED SOLUTION
Andy M
This solution is only available to members.