Options

Port forwarding between trusted VLANs

PhilippeDeRidderPhilippeDeRidder
in Firebox - Networking, Multi-Wan, VLAN, NAT, SD-WAN

I want to hide a server port behind the Firebox but source and destination are in trusted zone (2 different VLANs on different FB interfaces), i.e.:
10.1.1.x (clients) -> 10.1.1.1:9100 (firebox) -> 10.1.2.100:9100 (server)

SNAT is not available between trusted zones.

Any idea ?
Thanks !

Device: T35
Fireware 12.5.12

Comments

  • Options
    Bruce_BriggsBruce_Briggs
    You can have the VLAN users access the external (public) IP address.
    Use NAT loop back to allow this.
    Add the source VLAN name to the From: field of the current incoming policy with the SNAT
  • Options
    PhilippeDeRidderPhilippeDeRidder

    Actually, it needs to be the IP gateway (=firebox) on the local subnet due to VPN tunneling restrictions (traffic is blocked to other IPs even in same subnet).

  • Options
    Bruce_BriggsBruce_Briggs
    Isn’t the source IP addr of a VPN user something from the virtual IP addr pool?
  • Options
    PhilippeDeRidderPhilippeDeRidder

    it is an external VPN. The client is in the subnet and accesses a VPN server outside. I want to connect to a local printer in another subnet and avoid VPN client restrictions ;)

  • Options
    PhilippeDeRidderPhilippeDeRidder

    Any other suggestion ?

  • Options
    Bruce_BriggsBruce_Briggs
    How about adding a private subnet to your external interface and include it in the BOVPN.
    Then a NAT loop back policy might work when accessing an IP from that new private subnet
Sign In to comment.