  • 1. How To – Configure Port Forwarding using Virtual Host to access devices on Internal network

    Applicable to – versions 9.5.3 build 14 or above

    This article describes a detailed configuration example that demonstrates how to configure Cyberoam to provide access to internal resources.

    The article covers how to:
      • Create a virtual host
      • Create a firewall rule to allow the inbound traffic

    Virtual host

    Virtual host implementation is based on the Destination NAT concept of older versions of Cyberoam.

    A virtual host maps services of a public IP address to services of a host in a private network. In other words, it is a mapping of a public IP address to an internal IP address. This virtual host is used as the Destination address to access an internal or DMZ server.

    A virtual host can be a single IP address, an IP address range, or the Cyberoam interface itself. Cyberoam automatically responds to ARP requests received on the WAN zone for the external IP address of the virtual host.

    Sample schema

    Throughout the article we use the network parameters displayed in the network diagram given below. Outbound traffic from LAN and DMZ is allowed while inbound traffic is restricted. The public servers (mail and web server) are hosted in the DMZ.

    Network components    External IP address (Public)    IP address (Internal)
    Web server            203.88.135.208                  192.168.1.4 (Mapped)
    Mail server           204.88.135.192                  192.168.1.15 (Mapped)

    For virtual host:
    External IP: IP address through which Internet users access the internal server.
    Mapped IP: IP address bound to the internal server.
  • 2. Configuration

    The entire configuration is to be done from the Web Admin Console unless specified otherwise.

    Step 1: Create virtual host for Web server

    Go to Firewall → Virtual Host → Create and create a virtual host with the parameters specified in the sample schema.

    In our example, Internet users will access the internal web server using public IP 203.88.135.208, which is mapped to local IP 192.168.1.4. In other words, all inbound requests to 203.88.135.208 will be forwarded to 192.168.1.4.
  • 3. Note
      • If servers are hosted on LAN, change the Physical Zone to LAN.
      • In case you have custom zones, change the Physical Zones accordingly.
      • The public IP address is the IP address through which Internet users access the internal server/host. If the public IP address is already configured as the main Interface IP or an alias IP, use the option "Interface IP" to select it as the external IP; otherwise select the option "IP" and add the Public IP Address.

    Step 2: Create virtual host for Mail server

    Go to Firewall → Virtual Host → Create and create a virtual host with the parameters specified in the sample schema.

    In our example, Internet users will access the internal mail server using public IP 203.88.135.192, which is mapped to local IP 192.168.1.15. In other words, all inbound requests to 203.88.135.192 will be forwarded to 192.168.1.15.
  • 4. Step 3: Loopback firewall rule

    Once the virtual host is created successfully, Cyberoam automatically creates a loopback firewall rule for the zone of the mapped IP address. The loopback firewall rule is created for the service specified in the virtual host.

    Loopback rules allow internal users in the same zone to access the internal resources using their public IP (external IP) or FQDN.
  • 5. For our example, a DMZ to DMZ firewall rule is created, as the virtual host (mapped IP address) belongs to the DMZ interface subnet.

    Check creation of the loopback rule from Firewall → Manage Firewall.

    Step 4: Add Firewall rules

    Rule 1

    Go to Firewall → Create Rule and create a firewall rule for each server with the parameters displayed in the screens given below.

    Click Create and the Firewall Rule for Webserver will be created successfully.
  • 6. Click Create and the Firewall Rule for Mailserver will be created successfully.

    Note
    Change the Destination Host according to the actual server location (Zone).

    To create firewall rules that allow internal users to access resources in the DMZ using their public IP (external IP) or FQDN, follow the steps below:

    Go to Firewall → Create Rule and create a firewall rule for each server with the parameters displayed in the screens given below.

    Click Create and the Firewall Rule for Webserver will be created successfully.
  • 7. Click Create and the Firewall Rule for Mailserver will be created successfully.

    Note:
    DO NOT "Apply NAT" for inbound SMTP rules. This will set up the MailServer as an OPEN RELAY.

    Document version – 3.0 – 12/05/2011
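
The open-relay warning above, worked through as an added example (not part of the original article and not Cyberoam code): a small model of the virtual host's destination NAT and of the source address the mail server sees when the inbound rule also rewrites it. The firewall DMZ address 192.168.1.1, the client 198.51.100.7, the domain names and the mail server's trusted-network relay policy are constructed assumptions, as is the premise that "Apply NAT" masquerades the source to the firewall's own address.

```python
import ipaddress
from dataclasses import dataclass, replace

# Mapping taken from the article's Step 2; all other values are constructed.
VIRTUAL_HOSTS = {"203.88.135.192": "192.168.1.15"}   # external IP -> mapped IP
FIREWALL_DMZ_IP = "192.168.1.1"                       # assumed DMZ interface address
# Assumed mail-server setting: hosts on the DMZ subnet may relay anywhere.
TRUSTED_RELAY_NETS = [ipaddress.ip_network("192.168.1.0/24")]
LOCAL_DOMAINS = {"example.org"}                       # assumed hosted mail domain


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    rcpt_domain: str   # domain of the SMTP RCPT TO address


def forward_inbound(pkt, apply_nat):
    """Destination-NAT the packet as the virtual host does, then optionally
    masquerade the source (the assumed effect of "Apply NAT")."""
    if pkt.dst not in VIRTUAL_HOSTS:
        return None                                   # no virtual host: not forwarded
    pkt = replace(pkt, dst=VIRTUAL_HOSTS[pkt.dst])
    if apply_nat:
        pkt = replace(pkt, src=FIREWALL_DMZ_IP)
    return pkt


def mail_server_accepts(pkt):
    """Hypothetical relay policy: accept mail for local domains from anyone,
    relay to other domains only for trusted source networks."""
    if pkt.rcpt_domain in LOCAL_DOMAINS:
        return True
    src = ipaddress.ip_address(pkt.src)
    return any(src in net for net in TRUSTED_RELAY_NETS)


def relay_outcome(apply_nat):
    """Return (source IP seen by the mail server, relay accepted?) for an
    Internet client that asks the server to relay to a foreign domain."""
    inbound = Packet("198.51.100.7", "203.88.135.192", "elsewhere.example")
    seen = forward_inbound(inbound, apply_nat)
    return seen.src, mail_server_accepts(seen)


if __name__ == "__main__":
    print("without Apply NAT:", relay_outcome(False))
    print("with Apply NAT:   ", relay_outcome(True))
```

With the source preserved, the mail server can tell the Internet client from its own subnet and refuses the relay; once every inbound connection appears to come from the firewall's address, an IP-based relay policy can no longer make that distinction.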
