Configure public IP to see internal network
Currently a platform for remote desktops is being configured in the office, and for the implementation it is required to use the public IP and port 443. They mention that a NAT must be done to my internal IP where the server is, and that access permissions must be given.
How do I NAT and give permissions on the XT25M?
Comments
Set up an SNAT for this access. Add an HTTPS policy From: Any-external To: the SNAT.
Configure an SNAT Action
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/centralized_management/config_templates_snat_wsm.html
You can require users to authenticate to the firewall using TCP port 4100 as one possible way to give permissions. Use the user names, or a group or alias name of which those users are members.
If you know the source IP addresses of the connecting users, you could use those in the From: field of the HTTPS policy.
Another option is to have users connect via a client VPN which would remove the need for the incoming HTTPS SNAT policy.
Thank you.
In Set source IP check box = here is my public IP?
In select the Set internal port to a different port check box = 443 Port?
Then I go HTTPS-Proxy Policy and create a new one.
I put a Web server configuration and only changed the ports (Firebox Examples)
Here is an example using WSM Policy Manager to change your config:
https://www.watchguard.com/help/configuration-examples/snat_web_server_configuration_example_(en-US).pdf
Do not enter anything for "Set source IP" or "Set internal port to a different port". These are for special cases, not for what you want to do.
Sorry to bother you again.
How would I have to do the configuration with HTTPS (port 443)?
What steps would you have to do to do it with port 443?
The example is from a web server but I need port 443 for it.
I mean a static nat but with port 443 and it can be seen inside my internal network.
Thank you
TCP port 443 is normally for HTTPS access.
What are you trying to allow access to via TCP port 443?
Hello
I am testing it internally but still cannot access the public IP from my internal network.
I'll check the rules
Thank you
To test this internally, you need to set up NAT Loopback
Add Any-trusted to your incoming HTTPS policy From: field
NAT Loopback and Static NAT (SNAT)
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/nat/nat_loopback_static_c.html
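A simplified model of the policy matching discussed in this thread, added here as an example; it is not part of the original posts and is not WatchGuard code. It shows why an internal client cannot reach the public IP until Any-Trusted is in the From: field, and how listing known source networks in From: narrows exposure. The `SnatPolicy` class, its fields and all addresses are hypothetical, constructed values.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing (documentation ranges); none of it comes from the thread.
PUBLIC_IP = "203.0.113.10"                          # Firebox external IP
SERVER_IP = "10.0.1.50"                             # internal server
TRUSTED_NET = ipaddress.ip_network("10.0.1.0/24")   # trusted LAN

def alias_of(src):
    """Map a source address to the built-in alias it falls under."""
    return "Any-Trusted" if ipaddress.ip_address(src) in TRUSTED_NET else "Any-External"

@dataclass
class SnatPolicy:               # hypothetical model, not a Fireware object
    sources: list               # From: aliases or CIDR strings
    public_ip: str              # To: SNAT external address
    port: int
    internal_ip: str            # To: SNAT internal address

    def source_allowed(self, src):
        for entry in self.sources:
            if entry in ("Any-External", "Any-Trusted"):
                if alias_of(src) == entry:
                    return True
            elif ipaddress.ip_address(src) in ipaddress.ip_network(entry):
                return True
        return False

    def evaluate(self, src, dst, port):
        """Return the translated (ip, port), or None if the policy does not match."""
        if (dst, port) != (self.public_ip, self.port):
            return None
        return (self.internal_ip, self.port) if self.source_allowed(src) else None

def run_cases():
    outside, inside = "198.51.100.7", "10.0.1.20"
    base = SnatPolicy(["Any-External"], PUBLIC_IP, 443, SERVER_IP)
    loopback = SnatPolicy(["Any-External", "Any-Trusted"], PUBLIC_IP, 443, SERVER_IP)
    narrowed = SnatPolicy(["198.51.100.0/24"], PUBLIC_IP, 443, SERVER_IP)
    return {
        "outside_via_base": base.evaluate(outside, PUBLIC_IP, 443),
        "inside_via_base": base.evaluate(inside, PUBLIC_IP, 443),
        "inside_via_loopback": loopback.evaluate(inside, PUBLIC_IP, 443),
        "unknown_via_narrowed": narrowed.evaluate("192.0.2.9", PUBLIC_IP, 443),
        "known_via_narrowed": narrowed.evaluate(outside, PUBLIC_IP, 443),
    }

if __name__ == "__main__":
    for case, result in run_cases().items():
        print(f"{case}: {result}")
```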