1

We are currently changing our external IP address and trying to set up external access to our internally hosted website again without much luck. We use GoDaddy as our DNS host for our web domain and we use WatchGuard as our internal firewall.

We set up a rule on the WatchGuard for both HTTP and HTTP traffic, with the "from" field being our Telstra TID link and the "to" field being a SNAT (external IP > internal IIS server).

It appears the WatchGuard is able to handle the SNAT:

2019-05-09 10:39:38 Allow ***"Device IP"*** ***"External IP"*** http/tcp 63220 80 2-Telstra TID 1-Trusted Allowed 64 57 (HTTP to Newsagent TID-00) proc_id="firewall" rc="100" msg_id="3000-0148" dst_ip_nat="***Internal IIS Server IP***" tcp_info="offset 11 S 3598958569 win 65535" geo_src="AUS" geo_dst="AUS"

but then the browser (using Safari on a mobile as a test) says "Safari could not open the page because the server stopped responding".

Normally setting this type of thing up is simple so not sure what is happening in this particular case.

Hopefully someone in this forum could possibly help us solve this.

Cheers

joeqwerty
Michael

2 Answers

1

The source of the traffic isn't your Telstra TID link, it's ANY.

The Telstra TID link isn't the originator of the inbound traffic and as such the source IP address of the incoming traffic is not the Telstra TID link. The source IP address of the traffic is ANY web browser coming from the WAN (public) that's trying to get to your internal website.

Change the inbound rule source to ANY and that should fix it.

joeqwerty
  • Hi joeqwerty, We have made this change but it is still producing the same result. We had two policies, one for each of our external IP addresses. I have now changed this to one policy with the "from" as ANY and the "to" field with two SNAT rules, one for each external IP address. Cheers Michael Wormald – Michael May 09 '19 at 01:48
0

This isn't a WatchGuard issue. Had a support session with them and also set up a temp IIS server on a server and all worked. Must be a server thing.

Michael
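The log line in the question and the outcome in the last answer fit together once the entry is read field by field. The following is an added example, not code from either poster or from WatchGuard: it parses a constructed line of the same shape (placeholder addresses from the documentation ranges) and reports what the entry proves and what it leaves open. The `tcp_info` token layout is an assumption taken from the line shown in the question.

```python
import re

# Constructed sample modelled on the log line in the question; the addresses
# are documentation-range placeholders, not values from the page.
SAMPLE = ('2019-05-09 10:39:38 Allow 198.51.100.7 203.0.113.10 http/tcp 63220 80 '
          '2-Telstra TID 1-Trusted Allowed 64 57 (HTTP to Newsagent TID-00) '
          'proc_id="firewall" rc="100" msg_id="3000-0148" dst_ip_nat="10.0.0.20" '
          'tcp_info="offset 11 S 3598958569 win 65535" geo_src="AUS" geo_dst="AUS"')

HEAD = re.compile(r'^(?P<ts>\S+ \S+) (?P<disposition>\w+) (?P<src>\S+) (?P<dst>\S+) '
                  r'(?P<service>\S+) (?P<sport>\d+) (?P<dport>\d+) ')
POLICY = re.compile(r'\((?P<policy>[^)]*)\)\s+\w+="')
PAIR = re.compile(r'(\w+)="([^"]*)"')


def parse(line):
    """Split one traffic log line into head fields, policy name and key="value" pairs."""
    head = HEAD.match(line)
    if head is None:
        raise ValueError("unrecognised log line")
    rec = head.groupdict()
    policy = POLICY.search(line)
    rec["policy"] = policy.group("policy") if policy else None
    rec.update(PAIR.findall(line))  # values may contain spaces, so split on quotes
    return rec


def assess(rec):
    """Say what the entry proves, and what it leaves open."""
    notes = []
    if rec["disposition"] == "Allow" and "dst_ip_nat" in rec:
        notes.append(f"firewall accepted {rec['src']} -> {rec['dst']}:{rec['dport']} "
                     f"and rewrote the destination to {rec['dst_ip_nat']}")
    # Assumption: the third token of tcp_info carries the TCP flags ("S" = SYN).
    tokens = rec.get("tcp_info", "").split()
    if len(tokens) > 2 and tokens[2] == "S":
        notes.append("entry records the opening SYN only; whether "
                     f"{rec.get('dst_ip_nat', rec['dst'])} replied must be checked on the server")
    return notes


if __name__ == "__main__":
    for note in assess(parse(SAMPLE)):
        print(note)
```

An "Allow" entry with `dst_ip_nat` set confirms the policy and SNAT matched; a timeout in the browser after such an entry points at the return path or the server itself (listener, host firewall, default gateway), which is where the last answer ended up.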