Help with NAT rules setup - USG40


Comments

  • Josias_MaiaTI
    Josias_MaiaTI Posts: 8  Freshman Member
    Hi @ChristianG,

    Below is the topology picture; I hope you can understand what I mean. If it's not clear, please let me know and I'll try to redo it.

    Requests come to the ISP Router (the "router" is a Ubiquiti AirGrid Antenna), and the DMZ is working. I've changed back to Cyberoam to test it, and the external RDP connections worked again. When I put ZYWALL back on, RDP stopped working from WAN to LAN.

    It looks like ZYWALL is not accepting WAN to LAN connections, including the appliance's access itself. I can only access ZYWALL from LAN (HTTP and HTTPS), but from WAN I cannot.
  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    edited February 2018
    @Josias_MaiaTI,
    Have you tried the example configuration which I shared with you?
    As you mentioned, "When I put ZYWALL back on, RDP stopped working from WAN to LAN": you should add a NAT rule and create the security policy (example).


    Moreover, per your description, "I can only access ZYWALL from LAN (HTTP and HTTPS), but from WAN I cannot": you need to add a security policy to allow a specific IP to access the USG.
    Create object address for remote client

    Security policy

    Charlie

  • Josias_MaiaTI
    Josias_MaiaTI Posts: 8  Freshman Member
    Hello @Zyxel_Charlie
    Thanks for the reply.

    I've tried the example you sent but it still doesn't work. I can't access ZyWALL from WAN and I can't RDP from WAN to my Server1.

    In the WAN to ZYWALL rule, the source should be any IP originated from a specific country (in this case Brazil).

    Also, I don't know if it's useful, but when I was testing and creating the rules as you've sent in the prints, for some reason my LAN to WAN traffic was affected. I have a Policy Route that redirects LAN to WAN RDP traffic to route through a specific IP; if I create a Policy Control rule like you've sent, it affects that Policy Route. Below is a print of my Policy Routes. I don't know if this is affecting my WAN to LAN access rules.


  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    @Josias_MaiaTI
    All routing rules are for outgoing traffic and will not affect the RDP service.
    To analyze this case, I want to confirm some information with you.
    1. Please disable the firewall and see whether you can access the ZyWALL.
    2. Did you change the access port to 4433? If so, please add the security rule: Wan->Zywall, Service: 4433 (you need to create the Service first).
    3. Do you want the RDP Service from Port 41000 (WAN) to 3389 (LAN)? (I read in your original post that it was port 42000, but the picture you shared displays 41000.)
    Charlie
