USG60W - forward http(s) from WAN1 to local LAN7vLANs. ?

ChrisGer

Hello Community,

i've upgraded to FW 4.39 right now - that works fine, but i've two questions about routing from WAN1 to internal (v)LANs. Here is a simple ascii scenario what i'm trying, but i can't play on the USG cause the device is in productive usage at my HomeOffice

My requirement

The USG60W is the Office to DMZ Firewall in my requiremen. the next Firewall is the INAC (InterNetAccessConnect) Firewall from my ISP. SSL VPN is working well, but how to forward http/s traffic from the ISP Firewall to an (v)LAN behind the USG60W ?

Mainly the USG60W is using 443 for HTTPS connect from WAN1 - in my scenario the USG should forward http/s to the (v)LAN behind the WAN1 port (LAN1/2/DMZ Zone). Routing is allready configured to get http/s request to the WAN1 port.

How to disable HTTPS and HTTP redirect only on WAN1 port and not for Management on LAN1 ?

SSLVPN-INAC Firewall --------> HTTP/HTTPS -----> USG -----> (v)LAN1/2/xxxx ?

Thanks and regards
Christian

PeterUK

See workaround

https://businessforum.zyxel.com/discussion/comment/14529/#Comment_14529

With the ports in a group go to NAT use Virtual Server

Incoming interface WAN1

source IP any

external IP any

Internal IP the server IP

port mapping type Service-Group

external service HTTP and HTTPS group

Make firewall rule from WAN1 to LAN1

ChrisGer

Hi @PeterUK

in my case the USG is routing but do no S/DNAT on WAN1 interface. and i remember if there is a connect from WAN1 back to LAN1 the USG admin interface is listening and responding with the authentication window

Regards
Christian