Can't figure out how to port forward USG20-VPN FW 4.31(ABAQ.0)

Zendata
Zendata Posts: 9
First Comment
edited April 2021 in Security
I have looked up numerous guides and youtube videos but most of the of the help is on an older version. I am using the latest version of the FW and still receive my connection is being rejected. My modemn is in bridge mode so I know that can't be the issue. I have attached screenshots so we can figure this out. The port I am trying to open is 32400. Any help? I've been going crazy over this.

Service Rule

Nat rule
Security Policy

Accepted Solution

«1

All Replies

  • [Deleted User]
    [Deleted User] Posts: 118  Zyxel Employee
    First Anniversary Friend Collector First Answer First Comment
    edited July 2018
    Dear @Zendata
    as following

    Create service object:



    Create the nat rule!



    Note: NAT Loopback can be activated, so internal clients can contact server on the WAN IP-address. (Only if Original IP is not ANY.) therefore i filled in external ip

    And then The policy control --





    This should  work !
    otherwise make a copy of your log and post it here :-) 

  • Zendata
    Zendata Posts: 9
    First Comment
    I dont understand the original IP vs mapped ip. Our screenshots are different. This didnt work for me it is still denying. How do I provide logging.
  • Zendata
    Zendata Posts: 9
    First Comment
    Also for the ending port, I cant specify it. When i specify 32400 for starting and ending and save. I reopen the service and the ending port is blank.
  • Zendata
    Zendata Posts: 9
    First Comment
    Your screenshots say internal vs external. I dont know how that relates to my screens.
  • Zendata
    Zendata Posts: 9
    First Comment
    I feel like we are lined up here idk what Im missing.
  • Zendata
    Zendata Posts: 9
    First Comment
    Key thing to note my modemn is in bridge mode on public dhcp lease.
  • Zendata
    Zendata Posts: 9
    First Comment
    The last thing I can possible think it could be is that zyxel is picking up my IP as a 192 address when my public is a 99.91 address (naturally).
  • [Deleted User]
    [Deleted User] Posts: 118  Zyxel Employee
    First Anniversary Friend Collector First Answer First Comment
    Internal external mapped or original  its all the same just other description..
    Everything is explained above.. 

    Use youre orignal ip : this is the public wan ip from your ISP
    Mapped ip is the nas ip internally
  • Zendata
    Zendata Posts: 9
    First Comment
    As you can see from the screenshots provided that is exactly what I have. I'm still being denied. How do I upload logs. I need this working before friday next week.

Security Highlight