Watchguard firebox quick question..
#1
Scooby Senior
Thread Starter
Join Date: Aug 2002
Location: 52 Festive Road
Posts: 28,311
Likes: 0
Received 0 Likes
on
0 Posts
Can a firebox pass through a single IP to a Nat'd device even though the watchguard itself has the same ip address bound to its public/wan interface ??
#2
Scooby Regular
Join Date: May 2000
Location: MY00,MY01,RX-8, Alfa 147 & Focus ST :-)
Posts: 10,371
Likes: 0
Received 0 Likes
on
0 Posts
If I'm reading that correctly - I don't think so. Don't know Watchguard that well, but from using Checkpoint, I doubt it would let you use the same address for your WAN interface and a NAT address.
Best way is to try it - as long as this isn't a live machine!
Chris
Best way is to try it - as long as this isn't a live machine!
Chris
#4
Scooby Regular
Join Date: Oct 2001
Location: Ashford, Kent
Posts: 1,371
Likes: 0
Received 0 Likes
on
0 Posts
Not sure if you can do this but set up a NAT entry in the HTTP filter and it'll probably work.
We always use aliases if possible so I've never actually tried it.
Cheers,
Phil
We always use aliases if possible so I've never actually tried it.
Cheers,
Phil
#5
Can you explain more?
I'm reading that as 1.1.1.1 is the NAT public IP for the firewall, and you want to allow a port (or number of ports) through to a machine inside the private NAT'd LAN?
'Simple' port forward application. POP on a SonicWall - not a clue on Watchguard!
[Edited by ChrisB - 3/14/2003 10:34:58 AM]
I'm reading that as 1.1.1.1 is the NAT public IP for the firewall, and you want to allow a port (or number of ports) through to a machine inside the private NAT'd LAN?
'Simple' port forward application. POP on a SonicWall - not a clue on Watchguard!
[Edited by ChrisB - 3/14/2003 10:34:58 AM]
#6
Scooby Regular
Join Date: Oct 2001
Location: Ashford, Kent
Posts: 1,371
Likes: 0
Received 0 Likes
on
0 Posts
I think he wants to use the the Public IP address of the Watchguard as an alias for a webserver on his private network passing port 80 traffic.
Normally you would use a 'spare' public IP of course.
One caveat with Watchguard is that anyone on the internal network will not be able to resolve the public IP address - it's a known issue.
Cheers,
Phil
Normally you would use a 'spare' public IP of course.
One caveat with Watchguard is that anyone on the internal network will not be able to resolve the public IP address - it's a known issue.
Cheers,
Phil
Trending Topics
#8
Scooby Senior
Thread Starter
Join Date: Aug 2002
Location: 52 Festive Road
Posts: 28,311
Likes: 0
Received 0 Likes
on
0 Posts
That's pretty much dead right. This company has been only assigned 2 ip addresses, one on watchguard public IP and other on their router. I couldn't figure out how their internal website was been accessed using same IP address as watchguard - I was guessing that watchguard was acting as a reverse proxy or summit.
nobody knows the passwords to access to the firewall so I couldn't just take a look at the config.
nobody knows the passwords to access to the firewall so I couldn't just take a look at the config.
#9
Port forwarding to me that. The MX record for our domain at work is the IP address of our firewall which peforms NAT but hit port 25 on it and you talk to our Exchange Server inside the LAN.
Thread
Thread Starter
Forum
Replies
Last Post