Port forwarding nat network

Hi,
One of our SWs is double-NATed, and its WAN has the IP 172.21.5.1. I am certain that the first firewall in the network (a large building with multiple tenants) sends all incoming requests to our SW. I want to use the wizard to open port 22 on one of our devices to some IPs from the internet. When using the wizard, the WAN IP 172.21.5.1 is added automatically. Can I change this IP to the public IP 62.XX.XX.195, or should I finish the wizard first and then change the IP?
Thanks
Category: Web Application Firewall
Answers
Your SNWL does not see the public IP 62.xx.xx.195; you have to use 172.21.5.1 as Original Destination for your NAT and Access Rule. Translated Destination is your internal IP.
But this only works if the router is natting 62.xx.xx.195 to 172.21.5.1 in the first place.
—Michael@BWC
Thank you for your reply. So if I understood you correctly, I have to use 172.21.5.1 as my WAN in the wizard, run a test, and see if I can reach the port that I opened (let's say 22) from 62.XX.XX.195. If it doesn't work, the upstream firewall must also be configured to forward traffic from 62.xx.xx.195:22 → 172.21.5.1:22, correct?
Correct, the upstream firewall has to forward the traffic first.
NAT
SRC-ORIG: Address Group of authorized public IPs
SRC-Translated: Original
DEST-ORIG: X1 IP
DEST-Translated: internal host which runs SSH Server
SVC-ORIG: SSH
SVC-Translated: Original
Access Rule
SRC: Address Group of authorized public IPs
DEST: X1 IP
Service: SSH
That's it. I avoid "wizards" at all costs, but make sure that SSH is not enabled in your X1 WAN interface settings; this would intercept port 22 traffic.
—Michael@BWC
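The packet path described in the answers above, as an added Python sketch (not part of the thread and not SonicWall code): it models the upstream forward, then the NAT policy and access rule, and shows why the Original Destination must be 172.21.5.1. The public IP, the authorized source and the internal SSH host are constructed placeholders, and the rule-evaluation order is a simplifying assumption.

```python
from ipaddress import ip_address as ip

PUBLIC_IP = ip("203.0.113.10")    # constructed stand-in for the masked 62.xx.xx.195
X1_IP = ip("172.21.5.1")          # SonicWall WAN (X1) address, from the thread
SSH_HOST = ip("192.168.10.20")    # assumed internal host running the SSH server
ALLOWED = {ip("198.51.100.7")}    # assumed "authorized public IPs" address group


def upstream_dnat(pkt, forward_configured=True):
    """Building firewall: rewrites public IP:22 to X1 IP:22 if that forward exists."""
    src, dst, port = pkt
    if forward_configured and dst == PUBLIC_IP and port == 22:
        return (src, X1_IP, port)
    return None  # dropped upstream, never reaches the SonicWall


def sonicwall(pkt, orig_dest, wan_ssh_mgmt=False):
    """Evaluate one NAT policy plus access rule with the given Original Destination."""
    if pkt is None:
        return "dropped-upstream"
    src, dst, port = pkt
    # SSH management enabled on X1 answers port 22 itself, before the NAT policy.
    if wan_ssh_mgmt and dst == X1_IP and port == 22:
        return "intercepted-by-management"
    if src not in ALLOWED:
        return "denied-source"
    if dst != orig_dest or port != 22:
        return "no-nat-match"
    # Source and service stay "Original"; only the destination is translated.
    return f"forwarded-to-{SSH_HOST}"


def trace(src, orig_dest=X1_IP, forward_configured=True, wan_ssh_mgmt=False):
    """Follow one SSH connection attempt from the internet to the inner host."""
    pkt = (ip(src), PUBLIC_IP, 22)
    return sonicwall(upstream_dnat(pkt, forward_configured), orig_dest, wan_ssh_mgmt)


if __name__ == "__main__":
    print("correct rule:       ", trace("198.51.100.7"))
    print("public IP as dest:  ", trace("198.51.100.7", orig_dest=PUBLIC_IP))
    print("no upstream forward:", trace("198.51.100.7", forward_configured=False))
    print("WAN SSH mgmt on:    ", trace("198.51.100.7", wan_ssh_mgmt=True))
    print("unauthorized source:", trace("192.0.2.99"))
```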
Thank you,
I avoid wizards😁 I do my best
I guess this would do it, correct?
Looks good to me if Tapart(22) is tcp/22.
—Michael@BWC