Cannot browse nat webpage internally in lan

Reply
Not applicable

Cannot browse nat webpage internally in lan

Hello All,

We have some internet facing servers who has NAT public address.

1)     Externally we can access the public address of the server.

2)     Internally on our LAN, we cannot access the public address of the server, it timed out. However the appliance monitor tab shows accept, nothing was denied.

The policy rules i set was

Any to Any - Server_public_address - Web browsing allowed

Anyone knows what could be causing this issue ?

Thanks

Ben

L4 Transporter

Re: Cannot browse nat webpage internally in lan

If the clients and the servers are on the same LAN then the response from the server is likely going directly to the client and not back through the firewall.  The client is receiving a response packet with the internal address instead of the external one so it rejects the packet as unexpected. 

To fix this scenario you can set up a Source-NAT + Destination-NAT rule from the client subnet to the servers so the return traffic is forced back to the firewall and correctly processed for NAT and security before it gets to the client. This concept is known as a U-Turn NAT Rule.

Cheers,

Kelly

L2 Linker

Re: Cannot browse nat webpage internally in lan

I just posted a somewhat similar issue.  Explicitly allowing the traffic (even though the logs were not showing anything was blocked) resolved the problem.  My post asked why this behavior is occuring.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!