Software Version: Any
Issue Description: When trying to connect to the internal web server from the internal LAN, users are unable to resolve the domain name, although it resolves normally for Internet users (the external network).
1. Check the network topology information: the local users and the internal web server are in the same network segment and in the same security zone, "Trust".
2. Check the USG configuration
(Security policy, NAT, Routes ....), in order to make sure the configuration is
3. Check the domain name of the web server: we found that it is related to the server's public IP address.
4. Capture the outbound traffic from the local user PC to the internal web server and analyze it, to find where in the traffic flow the issue occurs between leaving the PC and reaching the web server.
5. Check the reachability to DNS
6. Check the Internal PC
1. Outbound traffic from the inside network (local users) is unable to reach the internal web server by its public IP address. For this to work, the following conditions must be met:
i. The destination IP address of the internal user's request packet needs to be translated into the intranet IP address of the internal web server.
ii. The source address needs to be translated into a public IP address.
iii. The source address of the response packet sent by the internal web server needs to be translated into a public IP address.
iv. The destination IP address needs to be translated into the user's intranet IP address.
2. External users can reach the internal web server normally because external traffic matches the server mapping policy.
Configure a source NAT policy from the Trust zone to the Trust zone in order to translate the user's source address into a public IP address, and to translate the destination address of the server's response packet into the user's intranet IP.
The firewall session table will then look as below:
http VPN:public --> public x.x.1.100:4182[18.104.22.168:1972] --> 22.214.171.124:8080[x.x.1.10:80]
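
The four translations listed above, traced in a small Python model for one request and its reply, with and without the Trust-to-Trust source NAT policy. This is an added example, not code from the original page or from Huawei; the IP addresses are constructed documentation-range values, the ports follow the session entry above, and the model assumes that a server reply addressed to its own segment is delivered directly on the LAN without passing the USG.

```python
# Constructed addresses (documentation ranges); ports follow the session entry.
CLIENT = ("192.168.1.100", 4182)     # internal user PC
SERVER_PRIV = ("192.168.1.10", 80)   # web server, intranet address
SERVER_PUB = ("203.0.113.10", 8080)  # public address the domain name points to
NAT_POOL = ("203.0.113.20", 1972)    # public address/port used by source NAT
LAN_PREFIX = "192.168.1."            # users and server share this segment


def hairpin(source_nat: bool) -> dict:
    """Trace one request and its reply; report what the client receives."""
    # Condition i: the server mapping rewrites the destination address.
    req_src, req_dst = CLIENT, SERVER_PRIV
    # Condition ii: only a Trust-to-Trust source NAT policy rewrites the source.
    if source_nat:
        req_src = NAT_POOL
    session = (req_src, req_dst)  # translated side of the firewall session

    # The server replies to whatever source address it saw in the request.
    rsp_src, rsp_dst = SERVER_PRIV, req_src
    # Assumption: a reply addressed to the server's own segment goes straight
    # to the PC on the LAN and never passes the firewall.
    via_firewall = not rsp_dst[0].startswith(LAN_PREFIX)
    if via_firewall and (rsp_dst, rsp_src) == session:
        # Conditions iii and iv: the session reverses both translations.
        rsp_src, rsp_dst = SERVER_PUB, CLIENT
    # The PC only accepts a reply from the address and port it connected to.
    accepted = (rsp_src, rsp_dst) == (SERVER_PUB, CLIENT)
    return {"via_firewall": via_firewall, "reply_src": rsp_src,
            "reply_dst": rsp_dst, "accepted": accepted}


if __name__ == "__main__":
    for enabled in (False, True):
        print("source NAT" if enabled else "no source NAT", hairpin(enabled))
```

Without the source NAT policy the reply arrives at the PC from the server's intranet address, which does not match the connection the PC opened to the public address, so the connection never completes.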