Can't figure out how to port forward USG20-VPN FW 4.31(ABAQ.0)

Zendata
edited April 2021 in Security
I have looked up numerous guides and YouTube videos, but most of the help is on an older version. I am using the latest version of the FW and still receive my connection is being rejected. My modem is in bridge mode, so I know that can't be the issue. I have attached screenshots so we can figure this out. The port I am trying to open is 32400. Any help? I've been going crazy over this.

Service Rule

Nat rule
Security Policy


All Replies

  • [Deleted User]
    edited July 2018
    Dear @Zendata,
    as follows:

    Create service object:

    Create the NAT rule!

    Note: NAT Loopback can be activated, so internal clients can contact the server on the WAN IP address. (Only if Original IP is not ANY.) Therefore I filled in the external IP.

    And then the policy control:

    This should work!
    Otherwise, make a copy of your log and post it here :-)

  • Zendata
    I don't understand the original IP vs. mapped IP. Our screenshots are different. This didn't work for me; it is still denying. How do I provide logging?
  • Zendata
    Also, for the ending port, I can't specify it. When I specify 32400 for starting and ending and save, I reopen the service and the ending port is blank.
  • Zendata
    Your screenshots say internal vs. external. I don't know how that relates to my screens.
  • Zendata
    I feel like we are lined up here; idk what I'm missing.
  • Zendata
    Key thing to note: my modem is in bridge mode on a public DHCP lease.
  • Zendata
    The last thing I can possibly think it could be is that Zyxel is picking up my IP as a 192 address when my public is a 99.91 address (naturally).
  • [Deleted User]
    Internal, external, mapped or original: it's all the same, just another description.
    Everything is explained above.

    Use your original IP: this is the public WAN IP from your ISP.
    Mapped IP is the NAS IP internally.
  • Zendata
    As you can see from the screenshots provided, that is exactly what I have. I'm still being denied. How do I upload logs? I need this working before Friday next week.
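
The thread raises two things that can be checked offline: whether the firewall's WAN interface really holds the public address, and whether a NAT rule whose original IP is the public address can ever match traffic arriving on that interface. The sketch below is an added example, not part of any post and not Zyxel's implementation; the rule model, function names and sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# Ranges that are not directly reachable from the internet.
NON_PUBLIC = {
    "RFC 1918 private": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
    "RFC 6598 carrier-grade NAT": ["100.64.0.0/10"],
}

def classify(addr):
    """Return the name of the non-public range addr falls in, or 'public'."""
    ip = ipaddress.ip_address(addr)
    for name, nets in NON_PUBLIC.items():
        if any(ip in ipaddress.ip_network(n) for n in nets):
            return name
    return "public"

def dnat(rule, dst_ip, dst_port):
    """Simplified virtual-server model (assumption): translate only when the
    packet's destination equals the rule's original IP and port."""
    if rule["original_ip"] in ("any", dst_ip) and rule["original_port"] == dst_port:
        return rule["mapped_ip"], rule["mapped_port"]
    return None

def diagnose(wan_ip, public_ip, rule):
    """List reasons the port forward cannot match as configured."""
    findings = []
    if wan_ip != public_ip:
        findings.append(f"WAN interface is {wan_ip} ({classify(wan_ip)}) but the "
                        f"public address is {public_ip}: an upstream device is "
                        "still translating, so the modem is not really bridging")
    # Inbound packets reach the firewall addressed to its WAN interface.
    if dnat(rule, wan_ip, rule["original_port"]) is None:
        findings.append(f"rule original IP {rule['original_ip']} never appears as a "
                        f"destination on the WAN interface ({wan_ip})")
    return findings

if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    rule = {"original_ip": "203.0.113.10", "original_port": 32400,
            "mapped_ip": "192.168.10.5", "mapped_port": 32400}
    for line in diagnose("192.168.1.2", "203.0.113.10", rule):
        print("-", line)
```

An empty result means the rule can match traffic on the WAN interface; the security policy and the service object's port range still have to allow the mapped destination.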
