External Access Through VLAN Port on Firebox

Hi All,
Hoping you guys can shed some light on this.

OBJECTIVE:
===========
Need external access to internal resources. Such as, email, helpdesk, core apps.

CONFIG SCENARIO:
==================
FIREWALL: internal port is configured as dedicated internet VLAN and paired with the layer 3 switch as same.
- No other VLANs on firewall.
- No other ports connected to internet.
- Firewall has several static routes to each vlan subnet on the switch over the dedicated internet vlan. These are pingable from the firewall PING tool.

SWITCH:
- default port (of last resort) points to the vlan port on firewall.
- all vlans have interfaces with default routes pointing to the internet vlan IP on the switch.

All outbound traffic on any vlan can access the internet.

ISSUE: Prior to using VLANs, all external resources that were published were working. Now, not a single internal resource is working when attempting to access externally.

Thinking it is a basic config that I have overlooked. (Am I allowed to publish resources through the vlan interface on the firewall?)

Hoping someone can point out my error.

Cheers

Comments

  • ASKED and ANSWERED: Disregard. Solution obtained.
    Under Firewall - Interfaces - DNS: Settings needed to have the domain / IP pair for the published servers' domains. The SNAT rule must use FQDN. I discovered this when I tried the DNS lookup tool on the Firebox. It resolved to the public IP.
  • james.carson Moderator, WatchGuard Representative

    Hi @PABDA Thank you for posting your solution. Have a great day.

    -James Carson
    WatchGuard Customer Support
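A small configuration check in the spirit of the solution above, added here as an example that is not from the original thread or from WatchGuard: given SNAT rules that reference published servers by FQDN, it shows why the rules fail when the firewall resolves each name to its own public IP, and passes once a domain / IP pair override maps the name to the internal host on the right VLAN. Names, addresses and the data layout are constructed for illustration.

```python
import ipaddress

# Constructed sample data (hypothetical names and addresses).
# SNAT rules that point at published servers by FQDN, plus the VLAN each server lives in.
SNAT_RULES = [
    {"name": "mail", "fqdn": "mail.example.test", "vlan": "10.10.20.0/24"},
    {"name": "helpdesk", "fqdn": "helpdesk.example.test", "vlan": "10.10.30.0/24"},
]
# What public DNS returns: every published name resolves to the firewall's external IP.
UPSTREAM_DNS = {
    "mail.example.test": "203.0.113.10",
    "helpdesk.example.test": "203.0.113.10",
}
# Domain / IP pairs configured on the firewall itself (the fix from the thread).
DNS_OVERRIDES = {
    "mail.example.test": "10.10.20.5",
    "helpdesk.example.test": "10.10.30.5",
}


def effective_target(fqdn, overrides, upstream):
    """Address the firewall will translate to: a local override wins, else the upstream answer."""
    return overrides.get(fqdn) or upstream.get(fqdn)


def check_snat_rules(rules, overrides, upstream, external_ip):
    """Return a list of problems; an empty list means every rule lands on a host inside its VLAN."""
    problems = []
    ext = ipaddress.ip_address(external_ip)
    for rule in rules:
        target = effective_target(rule["fqdn"], overrides, upstream)
        if target is None:
            problems.append(f'{rule["name"]}: {rule["fqdn"]} does not resolve')
            continue
        addr = ipaddress.ip_address(target)
        if addr == ext:
            # The name resolves back to the firewall: the SNAT would loop to the public IP.
            problems.append(f'{rule["name"]}: resolves to external IP {ext}; add a domain/IP pair')
        elif addr not in ipaddress.ip_network(rule["vlan"]):
            problems.append(f'{rule["name"]}: {addr} is outside VLAN {rule["vlan"]}')
    return problems


if __name__ == "__main__":
    print("without overrides:", check_snat_rules(SNAT_RULES, {}, UPSTREAM_DNS, "203.0.113.10"))
    print("with overrides:", check_snat_rules(SNAT_RULES, DNS_OVERRIDES, UPSTREAM_DNS, "203.0.113.10"))
```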
