Purpose of the article
- This article will show you how NAT port Web Server allows users in the WAN area to access the web server.
Diagram
- In this diagram we have a Sophos Firewall device with WAN address with IP of 172.16.31.153 and a Web Server located in the LAN with IP address of 172.16.16.100.
- They will create a Business Application Rule to NAT port 80 for Web Server so that users in WAN area can access Web Server inside.
Configuration
- First we need to login to the Sophos XG admin page with an admin account.
- Click Firewall> + Add Firewall rule> Business Application Rule.
- We will then enter the following information.
- Application template: select DNAT / Full NAT / Load Balancing from the drop-down list.
- Set name for policy.
- In the Source section, we will select Any for Source Zone and Allowed client network. This is the part of the IP that is allowed to access the Web Server from outside.
- In Destination & service, select Port Wan for the Destination host / network and in the service select the port that the external will use to access (may be the same or different port 80).
- Next to Forward to, in the Protected Server section select the Web Server and Protected zone select the zone containing the Web Server, mapped port will be port 80.
- Click Save to save.
- To access Web Server from the WAN area we use the following link https://172.16.31.153:80.
- After accessing the above path, the firewall will receive a request to access WAN IP address 172.16.31.153 with port 80 as if the firewall rule has just created it will forward to the address of the Web Server with port 80 and so they was able to access Web Server successfully.
Leave a Reply