Cannot browse nat webpage internally in lan

Hello All,

We have some internet-facing servers that have NAT public addresses.

1) Externally, we can access the public address of the server.

2) Internally on our LAN, we cannot access the public address of the server; it timed out. However, the appliance monitor tab shows accept; nothing was denied.

The policy rule I set was

Any to Any - Server_public_address - Web browsing allowed

Does anyone know what could be causing this issue?

Thanks

Ben

2 REPLIES

L4 Transporter

If the clients and the servers are on the same LAN then the response from the server is likely going directly to the client and not back through the firewall.  The client is receiving a response packet with the internal address instead of the external one so it rejects the packet as unexpected. 

To fix this scenario you can set up a Source-NAT + Destination-NAT rule from the client subnet to the servers so the return traffic is forced back to the firewall and correctly processed for NAT and security before it gets to the client. This concept is known as a U-Turn NAT Rule.

Cheers,

Kelly
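
The asymmetric return path described in the reply above, as an added example that is not part of the original post and is not firewall configuration: a small Python model that traces one request and reply with destination NAT only and then with the U-Turn (source NAT + destination NAT) rule. All addresses and the names `Firewall`, `next_hop` and `trace` are constructed for illustration.

```python
import ipaddress

# Constructed addresses for illustration; none come from the thread.
LAN = ipaddress.ip_network("192.168.1.0/24")
CLIENT, SERVER, FW_LAN, PUBLIC = "192.168.1.50", "192.168.1.10", "192.168.1.1", "203.0.113.10"

def next_hop(dst):
    """A LAN host delivers on-link destinations directly, everything else via the firewall."""
    return dst if ipaddress.ip_address(dst) in LAN else FW_LAN

class Firewall:
    def __init__(self, u_turn):
        self.u_turn = u_turn   # True: also source-NAT LAN clients (U-Turn rule)
        self.sessions = {}     # (translated src, translated dst) -> (original src, original dst)

    def forward(self, src, dst):
        """Client-to-server direction: destination NAT, plus source NAT if U-Turn is on."""
        new_src = FW_LAN if self.u_turn else src
        new_dst = SERVER if dst == PUBLIC else dst
        self.sessions[(new_src, new_dst)] = (src, dst)
        return new_src, new_dst

    def reverse(self, src, dst):
        """Server-to-client direction: undo both translations from the session table."""
        orig_src, orig_dst = self.sessions[(dst, src)]
        return orig_dst, orig_src

def trace(u_turn):
    """Return (hops taken, reply source the client sees, whether it matches the dialled address)."""
    fw, hops = Firewall(u_turn), []
    hops.append("client>fw")                 # PUBLIC is off-link, so the request goes to the firewall
    src, dst = fw.forward(CLIENT, PUBLIC)
    hops.append("fw>server")
    r_src, r_dst = dst, src                  # server answers whatever source address it saw
    if next_hop(r_dst) == FW_LAN:            # reply is addressed to the firewall's LAN interface
        hops.append("server>fw")
        r_src, r_dst = fw.reverse(r_src, r_dst)
        hops.append("fw>client")
    else:                                    # client is on-link: reply bypasses the firewall
        hops.append("server>client")
    return hops, r_src, r_src == PUBLIC      # client expects the reply to come from PUBLIC

if __name__ == "__main__":
    for mode in (False, True):
        print("U-Turn" if mode else "DNAT only", trace(mode))
```

In the DNAT-only trace the firewall sees and accepts the request, but the reply never passes back through it, so the client receives a packet from the server's internal address that matches no connection it opened.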

L2 Linker

I just posted a somewhat similar issue. Explicitly allowing the traffic (even though the logs were not showing anything was blocked) resolved the problem. My post asked why this behavior is occurring.
