How do I configure port forwarding on a WatchGuard XTM 2?

Solution 1:

http://customers.watchguard.com/articles/Article/2821 Answer ID 2821

Configure port forwarding [Fireware XTM v11.x, Fireware v10.x]

Date Updated 08/16/2010 04:30 PM

Network Address Translation (NAT) describes any of several forms of IP address and port translation. At its most basic level, NAT changes the IP address of a packet from one value to a different value. Port forwarding, also known as static NAT, is port-to-host NAT. When traffic is sent from a computer on the external network to a port on an external interface, static NAT changes the destination IP address to an IP address and port behind the firewall. Static NAT is only available for policies that use a specified port, which includes TCP and UDP. The steps to configure static NAT depend on the existing configuration and the type of device. The steps in this article provide a guideline for how to configure a policy with a static NAT to forward incoming traffic to an internal host.

Open Policy Manager.

Select Edit > Add Policy.

Select the policy template from the Packet Filters, Proxies, or Custom list that corresponds to the type of traffic you want to allow through the firewall. Click Add.

Remove Any-Trusted from the From list.

Remove Any-External from the To list.

Below the From list, click Add.

Add Any-External to the Selected Members and Addresses. Click OK.

Below the To list, click Add.

Click Add NAT.

The Add Static NAT dialog box appears.

Select the external IP address you want to use for the NAT from the External IP Address drop-down list. If you have a range of public IP addresses available, you can add them as secondary IP addresses to the external interface as described under Configure a secondary network in the online help to make them selectable in this drop-down list. Type the internal IP address of the host you want to forward traffic to in the Internal IP Address text box. Click OK.

Click OK to close the Add Address dialog.

Click OK to add the policy.

Save the policy to the device.

With this policy, all incoming traffic to the external IP address you specified in the static NAT configuration over the ports in the policy template is forwarded to the correct internal host.
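A small Python model of the static NAT behaviour described above, added here as an illustration and not taken from WatchGuard or from the original answer: it shows which inbound packets a port-forwarding policy translates, and how the reply is rewritten back to the external address. The class and field names, the addresses, and the SMTP port are assumptions; the model keeps the destination port unchanged and tracks replies in a simple session table.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

@dataclass(frozen=True)
class StaticNatPolicy:
    proto: str                # static NAT needs a port-based policy (TCP or UDP)
    ports: frozenset          # ports taken from the policy template
    external_ip: str          # "External IP Address" in the Add Static NAT dialog
    internal_ip: str          # "Internal IP Address" in the same dialog
    from_nets: tuple = ("0.0.0.0/0",)   # models the Any-External entry in the From list

class Firewall:
    def __init__(self, policies):
        self.policies = list(policies)
        self.sessions = {}    # reply 5-tuple -> external IP to restore on the way out

    def inbound(self, pkt):
        """Packet arriving on the external interface: translated Packet, or None if denied."""
        src = ipaddress.ip_address(pkt.src)
        for p in self.policies:
            if (pkt.proto == p.proto and pkt.dport in p.ports
                    and pkt.dst == p.external_ip
                    and any(src in ipaddress.ip_network(n) for n in p.from_nets)):
                key = (p.internal_ip, pkt.dport, pkt.src, pkt.sport, pkt.proto)
                self.sessions[key] = p.external_ip
                # Only the destination address changes; the port is kept (simplification).
                return Packet(pkt.src, pkt.sport, p.internal_ip, pkt.dport, pkt.proto)
        return None           # no matching policy: the packet is not forwarded

    def reply(self, pkt):
        """Reply from the internal host: source is rewritten back to the external IP."""
        ext = self.sessions.get((pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto))
        return Packet(ext, pkt.sport, pkt.dst, pkt.dport, pkt.proto) if ext else None

# Constructed sample data (RFC 5737 documentation addresses, hypothetical mail server).
SMTP = StaticNatPolicy("tcp", frozenset({25}), "203.0.113.10", "10.0.1.25")
fw = Firewall([SMTP])
client = Packet("198.51.100.7", 40000, "203.0.113.10", 25)
forwarded = fw.inbound(client)                                     # dst becomes 10.0.1.25
answer = fw.reply(Packet("10.0.1.25", 25, "198.51.100.7", 40000))  # src becomes 203.0.113.10
other_port = fw.inbound(Packet("198.51.100.7", 40001, "203.0.113.10", 3389))  # None
```

Passing a narrower `from_nets` value models a From list that names specific source networks instead of Any-External; in this model, packets from any other source are then dropped before translation.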