No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>


To have a better experience, please upgrade your IE browser.


internal user can't visit the internal server from internet

Publication Date:  2017-11-29 Views:  498 Downloads:  0
Issue Description

The customer have a Server on the internal network. They configure the NAT-Server on the USG6630, so that the user can visit it from the internet.

The topology just as below:

After the customer finish the configuration, the external user can visit the server from internet but the internal user can not.

Handling Process

First we checked the source NAT about the internal user, it is ok and the internal user can access internet normally.

We used the internal user to visit the internal server from the internet then we checked the firewall session,there is no session on the Firewall.

So we can know that the traffic is dropped by the Firewall.

We checked the NAT-Server configuration, it configure the source zone on the NAT-Server, just as below:


nat server VIP_DPIS 16 zone Extranal global x.x.x.x inside unr-route


it means that only permit the user from the Extrannal Zone to visit the server, the internal user belong to the Internal Zone, so it can't visit it from internet.

After the customer removed the Zone configuration the internal user can visit it from internet.




Root Cause

When the customer configure the NAT-Sever they configure the Zone, so that the user from the other Zone can't access.


When you configure the NAT-Server you should know that which user need to visit the server from internet, so you can configure the right Zone or not configure it.