How to reach an external server on a USG1100 firewall

Matt10669
Matt10669 Posts: 20  Freshman Member
Zyxel Certified Network Administrator - Security First Comment Second Anniversary
Hi, I need to reach an external server (IP 20.103.254.144) through the ports 80 and 443 of a USG1100 firewall from the clients of my LAN. At the moment the firewall blocks the outgoing flow. I found lot of guides about NAT service for incoming packets to an internal server but nothing about the opposite. I have to go out from LAN to WAN. Any explanations or helps will be very appreciated.

All Replies

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,511  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments
    edited October 2022
    Hi @Matt10669,

    Can you see any blocked log at MONITOR > Log > View Log when filtering keyword "20.103.254.144"?

  • PeterUK
    PeterUK Posts: 3,389  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    edited October 2022

    By default LAN to WAN is all allow out by policy control, do any clients of your LAN have internet access?


  • Matt10669
    Matt10669 Posts: 20  Freshman Member
    Zyxel Certified Network Administrator - Security First Comment Second Anniversary
    All my clients have internet access. I forgot to mention that in my LAN we have configured 2 VLAN's. I dont know if this can be important
  • Hi @Matt10669,

    Can you see any blocked log at MONITOR > Log > View Log when filtering keyword "20.103.254.144"?

    Thanks for Sharing Really Appreciated..... 
  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,511  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments
    Hi @Matt10669,
    Please help to test access 20.103.254.144 again and capture packets on USG1100 wan interface. 
    We would like to check why it is fail to access.

    MAINTENANCE > Diagnostics > Packet Capture.
    Interface = External wan interface
    Host IP = 
    20.103.254.144
    Download packets in "Files" tab and send me in PM for further analzying.


  • Matt10669
    Matt10669 Posts: 20  Freshman Member
    Zyxel Certified Network Administrator - Security First Comment Second Anniversary
    I checked and I don't have any block in the log monitor. But the service doesn't work. If I connect my lan directly into the router bypassing the firewall the service works. Very strange
  • Matt10669
    Matt10669 Posts: 20  Freshman Member
    Zyxel Certified Network Administrator - Security First Comment Second Anniversary
    Cooldia I've sent you what you asked. Thank you so much

Security Highlight