Table of contents
Start with address objects ................................................................................................................................. 3 Create Virtual Server rule .................................................................................................................................. 5 Create Firewall rule ........................................................................................................................................... 6
Scenario
With Virtual Server (Port Forwarding) the ZyWALL forwards specific requests to the selected server/client. This guideline shows how to setup a Virtual Server rule.
Client
ZyWALL USG
V H irtu TT a P l Se re rv qu e es r t
Web Server
To create a Virtual Server rule, the simplest way is to start with creating address objects. In this tutorial we will create two objects, one for the WAN1 Interface IP-address and one for the servers internal IP-address. To create an address object go to the Configurations menu. Select the Object -> Address menu. Click the Add button.
Give the object a name. Choose Interface IP as Address Type, as this will dynamically follow the interface IP-address, and select Interface WAN1.
Use the same step for the servers address object. Here you use Host as Address Object. Insert your servers internal IP-address.
To create the Virtual Server rule, go to Network -> NAT menu, and click the Add button.
Enable rule. Insert a rule name. Select Virtual Server. Choose the incoming interface (usually WAN1 or ge2). Select the new WAN1_IP object as Original IP, select Int_SRV_IP as Mapped IP. Select Service as Port Mapping. In Original and Mapped Service you can select HTTP. Click the OK button.
Note: NAT Loopback can be activated, so internal clients can contact server on the WAN IP-address. (Only if Original IP is not ANY.)
As the final step, we need to create a Firewall Rule, to allow traffic pass through to the server. Go to the Firewall menu, and press the Add button.
Select from WAN to LAN1. Insert your servers IP-address object as Destination. Select your preferred Service or Service Group. In this case HTTP is selected. Set Access as Allow. Enable Log if needed. Click the OK button.