PORT FORWARDING Using Virtual Host To Access Devices On Internal Network - Sophos Community
Overview
This article demonstrates the steps to configure Cyberoam to provide access to internal resources
using a virtual host.
Virtual host implementation is based on the Destination NAT concept of older versions of Cyberoam.
A virtual host maps services of a public IP address to services of a host in a private network. In other
words, it is a mapping of a public IP address to an internal IP address. This virtual host is used as the
Destination address to access an internal or DMZ server.
A virtual host can be a single IP address, an IP address range, or the Cyberoam interface itself.
Cyberoam automatically responds to ARP requests received on the WAN zone for the external IP
address of the virtual host.
Cyberoam allows Port Forwarding for virtual hosts. Additionally, Cyberoam allows configuring a Port List for the
virtual host. The ports within the list can be comma separated. A Port List can be mapped against a Port List or a Port.
Further, a Port Range can now also be mapped against a single port. This creates a one-to-one or many-to-one
mapping between the external port and the mapped port.
Note:
· For a single virtual host, a maximum of 16 ports can be configured in a Port List.
· All the ports within a Port List support a single protocol, either TCP or UDP, as per the
configuration. A combination of both protocols within a Port List is not allowed.
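The following added example (not Cyberoam or Sophos code) checks a planned port forwarding entry against the rules above and expands it into the exact external-to-mapped port pairs, so the full set of ports exposed on the external IP can be reviewed before it is entered. The spec strings ("80", "8000-8002", "80,443") and the positional pairing of same-type, equal-length specs are assumptions of this example.

```python
MAX_LIST_PORTS = 16  # from the Note: at most 16 ports in a Port List


def parse_ports(spec):
    """Parse '80', '8000-8002' or '80,443' into (kind, [ports]). Assumed syntax."""
    spec = spec.replace(" ", "")
    if "," in spec:
        kind, ports = "list", [int(p) for p in spec.split(",")]
        if len(ports) > MAX_LIST_PORTS:
            raise ValueError(f"Port List has {len(ports)} ports, limit is {MAX_LIST_PORTS}")
        if len(set(ports)) != len(ports):
            raise ValueError("Port List contains a duplicate port")
    elif "-" in spec:
        lo, hi = (int(p) for p in spec.split("-"))
        if lo > hi:
            raise ValueError("Port Range start is above its end")
        kind, ports = "range", list(range(lo, hi + 1))
    else:
        kind, ports = "port", [int(spec)]
    if any(not 1 <= p <= 65535 for p in ports):
        raise ValueError("port outside 1-65535")
    return kind, ports


def build_mapping(external, mapped, protocol):
    """Return {(protocol, external_port): mapped_port} for one virtual host."""
    if protocol not in ("TCP", "UDP"):
        # A Port List carries one protocol only; TCP and UDP cannot be mixed.
        raise ValueError("protocol must be either TCP or UDP")
    ext_kind, ext = parse_ports(external)
    map_kind, mp = parse_ports(mapped)
    if map_kind == "port":
        # Port -> Port is one-to-one; Port List/Port Range -> Port is many-to-one.
        return {(protocol, e): mp[0] for e in ext}
    if ext_kind == map_kind and len(ext) == len(mp):
        # Assumption: same-type, equal-length specs pair up by position.
        return {(protocol, e): m for e, m in zip(ext, mp)}
    raise ValueError(f"cannot map external {ext_kind} onto mapped {map_kind}")


if __name__ == "__main__":
    # Constructed sample entries, not taken from a real device.
    for ext, mp in [("80", "80"), ("8000-8002", "80"), ("80,443", "8080,8443")]:
        print(ext, "->", mp, build_mapping(ext, mp, "TCP"))
```

Every key in the returned dictionary is a port reachable on the external IP, which is the list to compare against the services the firewall rule for the virtual host is meant to allow.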
Scenario
Throughout the article we will use the network parameters shown in the network diagram given
below. Outbound traffic from LAN and DMZ is allowed while inbound traffic is restricted. The Web
Server is hosted in the DMZ.
https://community.sophos.com/kb/en-us/130130 1/5
24/02/2020 Configure Port Forwarding using Virtual Host to access devices on Internal network - Sophos Community
External IP: IP address through which Internet users access the internal server.
Mapped IP: IP address bound to the internal server.
Configuration
You must be logged on to the Web Admin Console as an administrator with Read-Write permission
for relevant feature(s).
Go to Firewall > Virtual Host > Virtual Host and click Add to add a virtual host for the Web Server with the
parameters specified in the table below.
External Port Type: Port
    Available Options:
    • Port
    • Port Range
    • Port List
External Port: 80
    Specify public port number for which you want to configure port forwarding.
Mapped Port Type: Port
    Select the type of mapped port from the available options:
    • Port
    • Port Range
    • Port List
Mapped Port: 80
    Specify mapped port number on the destination network to which the public port number is mapped.
Click OK and the Virtual Host for Web_Server will be added successfully.
On clicking OK, the Add Firewall Rules For Virtual Host screen appears which allows you to create
firewall rules to allow access to Web_Server from other zones such as WAN zone.
Enable Add Firewall Rule(s) For Virtual Host and set rule parameters as desired.
Note:
- In the given example, Virtual Host configuration for Web Server is shown. Virtual Host for other servers like
Mail Server, FTP Server or Database Server can be created similarly.
- While adding the Firewall Rule for the Virtual Host, it is recommended to allow only the required services
corresponding to the Server for security of the hosted server.
To verify the Firewall Rules, go to Firewall > Rule > IPv4 Rule. Click to expand the DMZ – DMZ, DMZ –
WAN and WAN – DMZ firewall rules. Three firewall rules are created for the virtual host of the
Web Server, as shown in the image below.