USG Flex 700 Port Forwarding

Nico_L
Nico_L Posts: 6
First Comment Friend Collector
edited April 16 in Security

Hello,

I have a Zyxel USG 700 and desperately trying to get Port Forwarding to my Server or with other words: Trying to Access my Server from WAN (e.g Domain/IP).

I think my ZyWall is allowing incoming traffic to the server ip but not letting anything out.

Has anyone a Plan to get it working, it don’t know how to fix the Problem.

My Network setup:

GE01 = Starlink (Failover)

GE12 = Fiber (Main Internet) (Don't Ask why GE12, I will be changing it in a few Days)

GE14 = LAN Outgoing to Switch/Gateway

Bildschirmfoto 2024-04-16 um 21.22.55.png
Bildschirmfoto 2024-04-16 um 21.41.40.png
Bildschirmfoto 2024-04-16 um 21.42.16.png

«1

All Replies

  • WJS
    WJS Posts: 156  Master Member
    5 Answers First Comment Friend Collector Third Anniversary

    Your Secure Policy is incorrect.

    Correct rule be like:

    Source zone : WAN , Source: Any

    Dst znoe : LAN , Dst: Synology IP

  • PeterUK
    PeterUK Posts: 3,461  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary

    Unplug GE1 and test again

  • WJS
    WJS Posts: 156  Master Member
    5 Answers First Comment Friend Collector Third Anniversary

    Ahh, Sorry, I should note you have rule1.

    I think you need to design a for "DNS-Net" zone.

    Rule1: from"DNS-Net" zone not any

  • Nico_L
    Nico_L Posts: 6
    First Comment Friend Collector
    edited April 23

    Thanks for your comments.

    I Got it working, almost. Its Working 3-4 Hours and then without changing any Setting it just stop forwarding the Ports.

    I have to manually go into the USG Nat Settings, change the Internal IP from the Working Gateway/Device to a IP Address that isn't connected, wait about a minute, change it back and then, the port forwarding just works again. I don't understand why..

    Can anyone help with this Problem?

    GE01 got disconnected and will be offline for 1-2 Months

  • PeterUK
    PeterUK Posts: 3,461  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary

    try the rule as 1:1 NAT

  • Nico_L
    Nico_L Posts: 6
    First Comment Friend Collector
    https://community.zyxel.com/en/discussion/comment/64863#Comment_64863

    Okay, I´m trying.

  • Nico_L
    Nico_L Posts: 6
    First Comment Friend Collector
    https://community.zyxel.com/en/discussion/comment/64863#Comment_64863

    so I’m back. It worked definitely longer, a little bit over a day. But now, same problem happend again and got fixed by changing the destination IP to a non existing client and back to the normal IP.

  • PeterUK
    PeterUK Posts: 3,461  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    edited April 24

    what if policy control rule for destination is any?

    I have setup a port test on my FLEX200 not the same model as you I see if I run into any problems

  • Nico_L
    Nico_L Posts: 6
    First Comment Friend Collector
    https://community.zyxel.com/en/discussion/comment/64904#Comment_64904

    I changed it to any. See if it helps, thank you in advance.

    That would be great, thank you. Functions should be the same, i think

  • Nico_L
    Nico_L Posts: 6
    First Comment Friend Collector

    Problem still exist. I dont know why, but its annoying me VERY much..

Categories

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)