Options

Multiple SNAT to single public IP, but on different TCP ports

tantonytantony
edited November 2023 in Firebox - Networking, Multi-Wan, VLAN, NAT, SD-WAN

My company already had an Exacqvision server. It was on default port 80 & 22609.
We have already this policy below to SNAT from external to 10.0.0.190 (IP of existing Exacqvision Server). Now, to access the server from outside company, we just enter our public IP to a web browser, and it takes it to the server login screen. This works.

This is the existing policy , PUBLIC IP IS EDITED FOR IMAGES

Now we have a second Exacqvision server (10.0.0.191), and we want to do the same thing. The new Exacqvisino server has the same port 80 & 22609 by default, but the company that did the server install said they can change the ports on the server to 79 & 22608 so we can do SNAT.

How would I SNAT the new Exacqvision server so we can access that from external also?

Is this the correct way?

I need to add TCP ports 79 & 22608 to the already existing policy named 'CameraServer', then go to Setup, SNAT

  • IP Address or interface = 12.344.55.65
  • Internal IP address Host = 10.0.0.191
  • Set internal port to a different port = 79

Do I also need to create a new 'CameraServer-HTTP' policy?

To access it from outside company, enter public IP:79 ?

Comments

  • Options
    james.carsonjames.carson Moderator, WatchGuard Representative

    If the internal and external port are different, I would just suggest making a new custom policy, and a new custom SNAT action.

    If they were going to the same internal IP, you could get away with recycling the existing policy, but since they're going to a different one, you'll want to use a new policy.

    -James Carson
    WatchGuard Customer Support

  • Options
    tantonytantony

    Yes, the internal and external ports are different for this new server. So I just need to create a new custom policy and add TCP ports 79 & 22608 to that. Then create a SNAT, select the same public IP, enter the internal LAN IP that's it?

    To access the server from external, just type in the public IP and port 79?
    Example, 12.344.55.65:79

    Right now we just type in 12.344.55.65 to access the existing server on port 80.

  • Options
    Bruce_BriggsBruce_Briggs

    Correct.

  • Options
    tantonytantony

    Thanks, I'll try that once they make the port changes in the server.

  • Options
    tantonytantony

    That worked, thank you. Although we had to use port 78 for http.

  • Options
    Bruce_BriggsBruce_Briggs

    "Although we had to use port 78 for http."
    Because TCP port 79 was being used for something else???

  • Options
    tantonytantony

    It seems that was the reason, but when I look at the firewall policy, I don't see anything pointing to tcp 79.

Sign In to comment.