We will show you how to deploy a NAT rule towards a NAS using Port 443 even if the USG FLEX/ATP/VPN device already uses this port. In such a case, you will get a message to choose if you want to use this port for the device access or port forwarding to the NAS behind the firewall.
It is recommended to add such a NAT rule from the local network because you will lose the device's remote access after applying this rule for port 443.
Walkthrough Steps
1. Configure the NAT rule
Navigate to the following settings and add a new rule:
Configuration > Network > NAT
- add two new objects by clicking on "create new object" > "address"
- add your WAN and NAS IP
- select the created objects to external/internal IP
- set the port mapping type to port 443 and configure them
- check if NAT loopback is enabled and click OK/Apply (allows users connected to any interface to use the original IP address to access the mapped IP device)
When you click ok, you will get a pop-up message with the warning that you are using port 443 in this NAT rule and it is conflicting with the web management GUI / SSL VPN. When you accept this message, the connection via WAN to the device will NOT be possible anymore.
Click yes if you want to proceed and take this NAT rule active.
Navigate to the following settings and add a new rule:
Configuration > Security Policy > Policy Control
From WAN to LAN, Destination NAS IP, Service HTTP_NAS, Action allow
Save the rule and now, if possible, test the NAT rule from a different remote network. You should have access to your NAS via WAN.
Test the result
Comments
0 comments
Please sign in to leave a comment.