
Allow external IP address through the firewall

edited April 24 in Firebox - Other

I am trying to allow a single IP address through the firewall into my work network without a VPN. I've never done that before. I am trying to connect my home network that has a static IP to my work network which also has a static IP. Is it possible to create a rule to accomplish this?
My current firewall is a T35. Any help would be appreciated.

Comments

  • james.carson Moderator, WatchGuard Representative

    Hi @OPTDoug

    I'm assuming that your home connection is already allowing the traffic outbound. If it is not, you'll need to make a rule to allow that there.

    On the work side, you'll need to create a new rule.

    If you're using Policy Manager:
    -Go to Edit -> Add Policy
    -Select the protocol from the packet filter list, or create a new custom one, and click Add Policy.
    -In the FROM field, remove "Any-Trusted" and add in the IP of your home router.
    -In the TO field, remove "Any-External" and add a new SNAT action (Add, Add SNAT).

    If you're using WebUI:

    -Go to Firewall -> SNAT (Static NAT)
    -Create a new SNAT action that points at the internal PC on your work network and save it.
    -Go to Firewall -> Firewall Policies, and click Add Policy
    -Select the protocol from the packet filter list, or create a new custom one, and click Add Policy.
    -In the FROM field, remove "Any-Trusted" and add in the IP of your home router.
    -In the TO field, remove "Any-External" and add the SNAT you previously created.

    See:
    (Add Policies to Your Configuration)
    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/policies/add_policy_c.html

    I would strongly suggest using a VPN instead, as that will keep your traffic encrypted. Sending it across the internet as-is would generally be frowned upon from a network security standpoint. Using a VPN also provides more access control. If this will be a long term connection, I'd suggest looking into a branch office VPN, which is transparent to the devices sending traffic to each other.

    -James Carson
    WatchGuard Customer Support
