Hi I have a webserver in a DMZ area which is accessed via a VIP and accompanying IPv4 rule.

The Wan interface has a Carrier grade NAT address with a one 2 one NAT to a public IPv4 address at my ISP.

From the public internet I am able to access my web server just fine. However from my internal network I am not able to resolve the external pubic address to the wan address.

If I create a static dns entry in my host file and point the domain name at the wan address I can reach the website fine.

So I deduce that my ISP is not forwarding my request back to my wan address or I suspect my forties firewall has no knowledge it is also the public IP address.

What's the answer here?

A static route of some kind?

A second IP address on the Wan interface?

Or maybe there is a feature I need to turn on so the firewall knows it is also the public address?

Any assistance will be appreciated.

Thanks