Allow incoming traffic for certain IP and port
Hi, noob here so take it easy on me! Just in the process of slowly moving from Draytek to WatchGuard. On the Draytek I block all incoming traffic and specifically allow traffic from one remote IP with ports specified. Additionally, I have some ports forwarded.
I have created a SNAT rule to forward the ports to relevant local PC which looks ok.
I guess I need a firewall policy to allow the external IP (with source and dest ports)? How would I best do this? I'm using the web config on a locally managed T series Firebox.
I looked at the live log and I saw
Deny X.X.X.X (Remote IP) Y.Y.Y.Y (Local Public IP) LOCAL TCP PORT/TCP REMOTE PORT (I think!) LOCAL PORT
Appreciate the help!
Comments
If this is a well-known port, then there may be a predefined packet filter to use (a predefined policy template).
If not, then you need to add a Custom packet filter for the desired port.
Then add a policy for the packet filter with From: Any-external and To: the SNAT created above.
See the Add a Firewall Policy section here:
Add Policies to Your Configuration
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/policies/add_policy_c.html
and
Create or Edit a Custom Policy Template
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/policies/policy_create_custom_c.html
Hi @Marklar
For an inbound policy, you only need the destination port.
We'd need to see more of the deny log in order to provide you any reason as to what the traffic is being denied for. If the disposition is "unhandled external packet" this means that we don't have a rule that matches your traffic.
-James Carson
WatchGuard Customer Support
Thanks for the help, peeps, much appreciated! Will have a look at the links you sent. Cheers
Indeed, it's an unhandled packet.
You should ignore denies like these. This is not something that you should try to allow into your firewall.
I see odd packets from the Internet all the time correctly being blocked by my firewall.
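The two replies above make one practical point: read the disposition on the Deny line, and separate denies from your one expected remote IP (which need a policy) from unhandled Internet noise (which do not). The script below is an added example, not code from the thread or from WatchGuard; it parses constructed log lines whose layout is an assumption modelled on Fireware traffic log messages, and the addresses are RFC 5737 documentation ranges.

```python
import re
from collections import Counter

# Constructed sample lines (assumed layout, not copied from the thread or from
# WatchGuard documentation). 203.0.113.5 plays the role of the one remote IP the
# poster wants to allow; 198.51.100.7 is the Firebox's public IP.
SAMPLE_LOG = """\
Deny 203.0.113.5 198.51.100.7 51234/tcp 3389 rdp 0-External Firebox Denied 60 64 (Unhandled External Packet-00)
Deny 192.0.2.44 198.51.100.7 40001/tcp 23 telnet 0-External Firebox Denied 60 64 (Unhandled External Packet-00)
Deny 192.0.2.99 198.51.100.7 40002/udp 5060 sip 0-External Firebox Denied 60 64 (Unhandled External Packet-00)
Deny 203.0.113.5 198.51.100.7 51235/tcp 3389 rdp 0-External Firebox Denied 60 64 (Unhandled External Packet-00)
Allow 203.0.113.5 198.51.100.7 51236/tcp 3389 rdp 0-External 1-Trusted Allowed 60 64 (RDP-SNAT-00)
"""

# Assumed field order: action src dst srcport/proto dstport ... (disposition-NN)
LINE_RE = re.compile(
    r"^(?P<action>Allow|Deny)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+"
    r"(?P<sport>\d+)/(?P<proto>\w+)\s+(?P<dport>\d+)\s+.*\((?P<disp>[^)]+)\)\s*$"
)


def parse_line(line):
    """Return the fields of one traffic log line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    rec["disp"] = re.sub(r"-\d+$", "", rec["disp"])  # drop the trailing -00 counter
    return rec


def triage_denies(log_text, expected_src, expected_dport):
    """Split Deny lines into those from the expected remote IP to the forwarded
    port (these need a policy) and everything else (background noise, counted
    by disposition, protocol and destination port so it can be eyeballed)."""
    relevant, noise = [], Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["action"] != "Deny":
            continue
        if rec["src"] == expected_src and rec["dport"] == expected_dport:
            relevant.append(rec)
        else:
            noise[(rec["disp"], rec["proto"], rec["dport"])] += 1
    return relevant, noise


if __name__ == "__main__":
    hits, junk = triage_denies(SAMPLE_LOG, "203.0.113.5", 3389)
    print(f"{len(hits)} denies from the expected remote IP need a policy; noise: {dict(junk)}")
```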