SNAT from optional interface to internal.

I have set up Optional Interface 1 as 172.16.16.1/24 to use as a web server. I have successfully set up SNAT for some of the required services which are predefined (i.e., MS-SQL-Server) and these seem to work just fine. I need to also set up SNAT for ports 9894 and 9897 and can't seem to get this to work correctly. I've got SNAT set up as follows:

Optional 1>192.168.2.4

Then a firewall policy set up

From:

172.16.16.11 to my SNAT rule set up above on ports 9894 and 9897 UDP and TCP

I'm likely missing something basic here, but can't figure out what. I can telnet from internal to 192.168.2.4 on port 9894 and receive a response. Telnetting from 172.16.16.11 to 192.168.2.4 does not work. It never connects.

Any help would be appreciated.

Thanks,

Allen Murray

Comments

  • Did you add a Custom Packet Filter for TCP & UDP ports 9894 and 9897, and then create a policy from that Custom Packet Filter with your SNAT?

  • Bruce,

    Yes, I believe so. I'm using the web interface. When creating the policy I chose Custom as the type, then chose the SNAT I created from the drop-down.

    Thanks,

    Allen Murray

  • I fixed it myself. I deleted the SNAT and policy and added both back in. It's now working. Thanks Bruce.
