DNS Doctoring

Attempting to access an external web server from the internal network. Internal/external DNS is the same. Creating a new DNS zone for www is not working, as the web server is stripping the www. How does DNS Doctoring work on the Firebox?


  • If your goal is to access an internal web server using the public IP addr of that web server:
    1) for a web server on a different firewall interface than the devices trying to access it, use NAT loopback
    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/nat/nat_loopback_static_c.html?Highlight=nat loopback
    2) for a web server on the same firewall interface as the devices trying to access it
    Solution #1:
    Add a NAT -> Dynamic NAT entry
    From: Trusted To: public IP addr of server
    Set Source IP: the firewall interface IP addr to which the server and workstations are connected
    Solution #2:
    Add a new unused subnet to the firewall interface to which the server is connected, as a Secondary.
    Change the IP addr of the server to one from this new subnet.
    Change your policies to reflect the new IP addr of the server.
    Set up NAT loopback as in 1) above
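
    The reason case 2) needs the extra source-NAT step in Solution #1 is that, when the client and the server sit on the same interface, the server's reply goes straight back across the LAN and never passes through the Firebox. The following Python model is an added example, not code from this thread or from Fireware: it simulates a client connecting to the server's public IP with and without the source rewrite. All addresses (10.0.1.0/24 on the Trusted interface, 203.0.113.10 as the public IP) are constructed for illustration.

```python
"""Hairpin (loopback) NAT simulation.

Added example, not from the WatchGuard thread or from Fireware itself.
Models why a client on the same firewall interface as the web server only
gets a usable reply when the firewall also rewrites the packet's source
address to its own interface IP (Solution #1 in the thread).
"""
from dataclasses import dataclass, replace
from typing import Optional

# Constructed topology (RFC 5737 documentation addresses), not a real site.
FW_TRUSTED_IP = "10.0.1.1"    # firewall interface the LAN hangs off
PUBLIC_IP = "203.0.113.10"    # public address of the web server
SERVER_IP = "10.0.1.20"       # web server on the Trusted interface
CLIENT_IP = "10.0.1.50"       # workstation on the same interface/subnet
LAN_PREFIX = "10.0.1."        # crude same-subnet test for the model


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int


def same_subnet(a: str, b: str) -> bool:
    return a.startswith(LAN_PREFIX) and b.startswith(LAN_PREFIX)


class Firewall:
    """Static NAT (public IP -> server) plus optional source NAT to the interface IP."""

    def __init__(self, snat_to_interface: bool):
        self.snat = snat_to_interface
        self.table = {}  # translated 5-tuple (minus proto) -> original packet

    def outbound(self, pkt: Packet) -> Packet:
        # Destination NAT: public IP -> private server IP
        if pkt.dst != PUBLIC_IP:
            return pkt
        out = replace(pkt, dst=SERVER_IP)
        if self.snat:
            # Solution #1: rewrite the source so the server's reply is
            # addressed to the firewall and has to come back through it.
            out = replace(out, src=FW_TRUSTED_IP)
        self.table[(out.dst, out.dport, out.src, out.sport)] = pkt
        return out

    def reply(self, pkt: Packet) -> Optional[Packet]:
        orig = self.table.get((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        if orig is None:
            return None
        # Undo both translations: the client sees the reply from PUBLIC_IP
        return Packet(src=orig.dst, dst=orig.src, sport=orig.dport, dport=orig.sport)


def server_reply(pkt: Packet) -> Packet:
    """The server answers whatever source it saw."""
    return Packet(src=pkt.dst, dst=pkt.src, sport=pkt.dport, dport=pkt.sport)


def client_connects(snat_to_interface: bool) -> dict:
    """Simulate one SYN from the client to the public IP and report what comes back.

    'accepted' is True only if the reply's source is the address the client
    connected to; a reply from any other address matches no TCP state and is dropped.
    """
    fw = Firewall(snat_to_interface)
    syn = Packet(CLIENT_IP, PUBLIC_IP, 40000, 443)
    to_server = fw.outbound(syn)
    synack = server_reply(to_server)

    if synack.dst == FW_TRUSTED_IP:
        delivered = fw.reply(synack)   # addressed to the firewall: it un-NATs and forwards
    elif same_subnet(synack.src, synack.dst):
        delivered = synack             # direct LAN delivery; the firewall never sees it
    else:
        delivered = fw.reply(synack)   # different subnet: routed back via the firewall

    accepted = (delivered is not None
                and delivered.src == PUBLIC_IP
                and delivered.dst == CLIENT_IP)
    return {
        "reply_src": None if delivered is None else delivered.src,
        "accepted": accepted,
        "server_saw_client_as": to_server.src,
    }


if __name__ == "__main__":
    for snat in (False, True):
        print("source NAT to interface IP:", snat, "->", client_connects(snat))
```

Without the source rewrite the client receives a SYN/ACK from 10.0.1.20 while it is waiting for one from 203.0.113.10, so the connection hangs. With it, the reply is forced back through the Firebox and arrives from the public IP. The trade-off, which the thread does not mention but which the model makes visible in `server_saw_client_as`, is that the web server then logs every internal client as the firewall's interface IP; if per-client logging matters, Solution #2 (moving the server to a separate secondary subnet so ordinary NAT loopback applies) avoids that.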

  • Perfect. Thank you very much!