Multiple SNAT to single public IP, but on different TCP ports

My company already had an Exacqvision server. It was on default port 80 & 22609.
We have already this policy below to SNAT from external to (IP of existing Exacqvision Server). Now, to access the server from outside company, we just enter our public IP to a web browser, and it takes it to the server login screen. This works.

This is the existing policy , PUBLIC IP IS EDITED FOR IMAGES

Now we have a second Exacqvision server (, and we want to do the same thing. The new Exacqvisino server has the same port 80 & 22609 by default, but the company that did the server install said they can change the ports on the server to 79 & 22608 so we can do SNAT.

How would I SNAT the new Exacqvision server so we can access that from external also?

Is this the correct way?

I need to add TCP ports 79 & 22608 to the already existing policy named 'CameraServer', then go to Setup, SNAT

  • IP Address or interface = 12.344.55.65
  • Internal IP address Host =
  • Set internal port to a different port = 79

Do I also need to create a new 'CameraServer-HTTP' policy?

To access it from outside company, enter public IP:79 ?


  • Options
    james.carsonjames.carson Moderator, WatchGuard Representative

    If the internal and external port are different, I would just suggest making a new custom policy, and a new custom SNAT action.

    If they were going to the same internal IP, you could get away with recycling the existing policy, but since they're going to a different one, you'll want to use a new policy.

    -James Carson
    WatchGuard Customer Support

  • Options

    Yes, the internal and external ports are different for this new server. So I just need to create a new custom policy and add TCP ports 79 & 22608 to that. Then create a SNAT, select the same public IP, enter the internal LAN IP that's it?

    To access the server from external, just type in the public IP and port 79?
    Example, 12.344.55.65:79

    Right now we just type in 12.344.55.65 to access the existing server on port 80.

  • Options


  • Options

    Thanks, I'll try that once they make the port changes in the server.

  • Options

    That worked, thank you. Although we had to use port 78 for http.

  • Options

    "Although we had to use port 78 for http."
    Because TCP port 79 was being used for something else???

  • Options

    It seems that was the reason, but when I look at the firewall policy, I don't see anything pointing to tcp 79.

Sign In to comment.