I have a problem concerning my Watchguard Firebox 700 that I hope someone can help with.
My company has 30 usable static IP addresses provided by the ISP, which are 202.78.120.161 to 202.78.120.190, and the subnet mask is 255.255.255.224. What I am trying to do is to redirect the IP addresses of 202.78.120.167 and 202.78.120.168 to the 2 Terminal Servers in my DMZ (Trusted network) which have the IP addresses of 192.168.11.167 and 192.168.11.168 respectively, but I haven't had success doing so.
Previously, I was using this firewall appliance from Esoft called the InstaGate EX2 and it was doing the redirection and that firewall has since been taken down for some purpose. I know there's something called port forwarding with Watchguard 700 but I don't plan to use port forwarding at this moment. Instead, I want the public IP address to be redirected to the DMZ IP address.
What I have tried so far to do this redirection of IP address is to use 1-to-1 NAT. In order to do this, I have checked the box to enable the 1-to-1 NAT. There are 2 entries. For the 1st entry, the interface is specified as optional, number of hosts is 1, NAT base is 202.78.120.167 and Real base is 192.168.11.167. For the 2nd entry, the interface is specified as optional, the number of hosts is 1, NAT base is 202.78.120.168 and the Real base is 192.168.11.168.
These are the 5 service icons that have been set up from left to right, including one service icon that I set up for Terminal Services called Terminalserv. They are:
FTP:
Incoming is enabled and denied
Outgoing is enabled and allowed from Any to Any
Outgoing:
Filter rules are allowed as specified
Internal hosts is Any and
External hosts are External and Optional
Ping:
Incoming is enabled and denied from Any to Any
Outgoing is enabled and allowed from Any to Any
Terminalserv:
Incoming is enabled and allowed from Any to Optional
Outgoing is enabled and allowed from trusted to optional
Properties, Port is 3389, Protocol is TCP and Client Port is client
Watchguard:
Incoming is enabled and allowed from Any to Any
Outgoing is enabled and allowed from Any to Any
On the Firebox 700, for the External interface, the IP address that has been set is 202.79.112.178/27 which means that the subnet mask is 255.255.255.224. The default gateway specified is the router's, which is 202.79.112.161.
For the Trusted interface, the IP address specified is 192.168.10.254/24 and for the Optional interface, the IP address specified is 192.168.11.254/24.
So far, I am able to access the 2 Terminal Servers from within the LAN (Trusted Network) itself with Terminal Services Client, so I know that those two hosts are up and running. I can ping and use the IP addresses of 192.168.11.167 and 192.168.11.168 but not 202.79.112.167 and 202.79.112.168.
I am not able to access or ping the 202.79.112.167 and 202.79.112.168 from inside the LAN (trusted network) and outside the firewall (external network).
I am not sure where I have gone wrong, as in what settings I have not configured. I would appreciate your help very much as to how I can rectify this problem.
Thank you very much in advance.
Kingsley
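
A consistency check over the addresses quoted in the post above, as an added example that is not part of the original post and not WatchGuard tooling. It assumes that each 1-to-1 NAT base should sit inside the External interface's subnet so the upstream router delivers it to the Firebox, and that each real host should sit inside the subnet of the interface named in its NAT entry; the function and variable names are hypothetical.

```python
import ipaddress

# Values transcribed from the post above (sample input for this added example).
INTERFACES = {
    "external": ipaddress.ip_interface("202.79.112.178/27"),
    "trusted": ipaddress.ip_interface("192.168.10.254/24"),
    "optional": ipaddress.ip_interface("192.168.11.254/24"),
}
NAT_ENTRIES = [  # (interface of real host, NAT base, real base, number of hosts)
    ("optional", "202.78.120.167", "192.168.11.167", 1),
    ("optional", "202.78.120.168", "192.168.11.168", 1),
]
TESTED = ["202.79.112.167", "202.79.112.168"]  # addresses the post says were pinged


def expand(base, count):
    """Return the `count` consecutive addresses starting at `base`."""
    start = ipaddress.ip_address(base)
    return [start + i for i in range(count)]


def audit(interfaces, nat_entries, tested):
    """Return a list of human-readable findings; an empty list means consistent."""
    findings = []
    ext_net = interfaces["external"].network
    public = set()
    for iface, nat_base, real_base, count in nat_entries:
        real_net = interfaces[iface].network
        for nat_ip, real_ip in zip(expand(nat_base, count), expand(real_base, count)):
            public.add(nat_ip)
            # Assumption: NAT bases are expected inside the external subnet.
            if nat_ip not in ext_net:
                findings.append(f"NAT base {nat_ip} is outside external subnet {ext_net}")
            if real_ip not in real_net:
                findings.append(f"real host {real_ip} is outside {iface} subnet {real_net}")
    for addr in map(ipaddress.ip_address, tested):
        if addr not in public:
            findings.append(f"tested address {addr} has no 1-to-1 NAT entry")
    return findings


if __name__ == "__main__":
    for line in audit(INTERFACES, NAT_ENTRIES, TESTED):
        print(line)
```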