1) Send internet traffic from the IP segment 192.168.40.0/24 out via the WAN2 interface:
# config router policy
    edit 1
        set dst 0.0.0.0/0.0.0.0
        set src 192.168.40.0/24
        set input-device lan
        set output-device wan2
        set gateway 189.201.100.23
    next
end
2) VIP configuration:
# config firewall vip
    edit "Internal_Server"
        set extip 200.87.58.150
        set extintf "wan1"
        set portforward enable
        set mappedip "192.168.40.180"
        set extport 443
        set mappedport 443
    next
end
3) The PC and the internal server are located in the same LAN segment:
# config router policy
    edit 1
        set dst 192.168.40.180/32
        set src 192.168.40.0/24
        set input-device lan
        set output-device lan
    next
end
4) Allow traffic from the LAN IP segment 192.168.40.0/24 to the internet via the WAN2 interface:
# config firewall policy
    edit 10
        set srcintf "lan"
        set dstintf "wan2"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
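Added example, not part of the Fortinet article: a Python model of how the policy routes from steps 1 and 3 are selected, assuming policy routes are evaluated top-down and the first match wins. The route names and the PC address 192.168.40.25 are constructed for the illustration.

```python
"""Added example: first-match policy-route selection for the routes on this page."""
from ipaddress import ip_address, ip_network

# Routes transcribed from steps 1 and 3; "name" is a label added for this example.
CATCH_ALL = {"name": "step1-wan2", "src": "192.168.40.0/24", "dst": "0.0.0.0/0",
             "input": "lan", "output": "wan2", "gateway": "189.201.100.23"}
LOCAL = {"name": "step3-lan", "src": "192.168.40.0/24", "dst": "192.168.40.180/32",
         "input": "lan", "output": "lan", "gateway": None}


def matches(route, src, dst, in_if):
    """True when the packet's ingress interface, source and destination fit the route."""
    return (in_if == route["input"]
            and ip_address(src) in ip_network(route["src"])
            and ip_address(dst) in ip_network(route["dst"]))


def select_route(table, src, dst, in_if):
    """Return the first route in table order that matches (assumed semantics), else None."""
    for route in table:
        if matches(route, src, dst, in_if):
            return route
    return None


def shadowed(table):
    """Return (earlier, later) name pairs where the later route can never be reached."""
    found = []
    for i, later in enumerate(table):
        for earlier in table[:i]:
            if (earlier["input"] == later["input"]
                    and ip_network(later["src"]).subnet_of(ip_network(earlier["src"]))
                    and ip_network(later["dst"]).subnet_of(ip_network(earlier["dst"]))):
                found.append((earlier["name"], later["name"]))
    return found


if __name__ == "__main__":
    pc, server = "192.168.40.25", "192.168.40.180"  # pc is a constructed host address
    for label, table in (("catch-all first", [CATCH_ALL, LOCAL]),
                         ("specific first", [LOCAL, CATCH_ALL])):
        hit = select_route(table, pc, server, "lan")
        print(f"{label}: PC -> server leaves via {hit['output']}, "
              f"shadowed routes: {shadowed(table)}")
```

Under that assumption, the /32 route for the internal server only takes effect when it is ordered above the 0.0.0.0/0 route; otherwise LAN traffic to 192.168.40.180 is handed to the WAN2 gateway.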
Copyright 2023 Fortinet, Inc. All Rights Reserved.