Allow External ip address through the firewall

OPTDougOPTDoug
edited April 24 in Firebox - Other

I am trying to allow a single IP address through the firewall into my work network without a VPN. I've never done that before. I am trying to connect my home network that has a static IP to my work network which also has a static IP. Is it possible to create a rule to accomplish this?
My current firewall is a T35. Any help would be appreciated.

Comments

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @OPTDoug

    I'm assuming that your home connection is already allowing the traffic outbound. If it is not, you'll need to make a rule to allow that there.

    On the work side, you'll need to create a new rule.

    If you're using policy manger:
    -Go to Edit -> Add Policy
    -Select the protocol from the packet filter list, or create a new custom one, and click add policy.
    -in the FROM field, remove "any-trusted" and add in the IP of your home router.
    -In the TO field, remove "Any-external" and add a new SNAT action (add, add snat.)

    If you're using WebUI

    -Go to Firewall -> SNAT (Static NAT)
    -Create a new SNAT action that points at the internal PC on your work network and save it.
    -go to Firewall -> Firewall Policies, and click Add Policy
    -Select the protocol from the packet filter list, or create a new custom one, and click add policy.
    -in the FROM field, remove "any-trusted" and add in the IP of your home router.
    -In the TO field, remove "Any-external" and add the SNAT you previously created.

    See:
    (Add Policies to Your Configuration)
    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/policies/add_policy_c.html

    I would strongly suggest using a VPN instead, as that will keep your traffic encrypted. Sending it across the internet as-is would generally be frowned upon from a network security standpoint. Using a VPN also provides more access control. If this will be a long term connection, I'd suggest looking into a branch office VPN, which is transparent to the devices sending traffic to each other.

    -James Carson
    WatchGuard Customer Support

  • OPTDougOPTDoug
    edited May 30

    Hi James,
    Thank you for the reply to my question. Sorry for my late response. I tried it a few weeks ago, and it worked like a charm. It was just a temporary solution for my FileMaker developer to do a small migration for us.

    Thank you,
    Doug

Sign In to comment.