NAT failing when trying to use same port on different static IP

Options
OneZyUser
OneZyUser Posts: 10  Freshman Member
First Anniversary Friend Collector First Comment
edited April 2021 in Security
Background:
 Our ISP provides us a WAN connection with 5 (consecutive) static IPs. 

When I try to add a NAT rule as follows, I get the error listed below. I am unable to figure out where the problem is. I'm using a Zywall 1100.

Mapping Type: Virtual Server
Interface: ge1
External IP: <static_ip_4>
Internal IP: <server_ip>
Service: https

Error: The port is conflicting with a port of zyxel device. Please fill-in a different port number or change the service port to a different one.


What I tried:
In system->www, added an admin service control to deny all addresses of WAN zone to access the admin page (forced admin users to go through VPN).

I remember this method worked in the previous versions, but am having issues in the latest version (for some reason, the device suddenly froze and reset to factory default after I updated the SSL certificate and am now having to restore all settings back. It refuses to restore the settings from my backup and so am doing it manually).

Comments

  • Jeremylin
    Jeremylin Posts: 166  Master Member
    First Anniversary First Answer First Comment
    Options
    The https already be used by Unit, so you cannot configure the https service on NAT rule.
    Therefore, just modify the port number of accessing GUI on WWW page first.
  • PeterUK
    PeterUK Posts: 2,959  Guru Member
    Community MVP First Anniversary 10 Comments Friend Collector
    Options
    Nope you don't have too you can config the NAT to use 80 and 443 if you know what your doing without conflict.
  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    First Anniversary Friend Collector First Answer First Comment
    Options
    @PeterUK @OneZyUser 
    Regarding to this case,
    The solution will be included in next patch firmware released by the end of Feb.
    @OneZyUser 
    For the device's freeze issue,
    can I know what firmware version did you use? and the certificate you upload which you generated by yourself?
    I will private message you for details.
    Charlie

Security Highlight