Need Help Administering A Firewall...

[StrongView]

I know someone here must have experience administering firewalls here. I'm new to this game, so if you can guide me in the right direction, I'd appreciate it.

Here's the story. One of my offices needs to run a webserver. I can't get my firewall (Symantec Gateway Security 440) to let HTTP and HTTPS connections through. The firewall has a public IP (I can ping it) so I know connections are getting there. I've told the firewall that if it receives any HTTP or HTTPS requests, to forward it to the private IP of our webserver (192.168.0.12). Nothing gets there!

I've plugged the server in, outside of the firewall. It gets a public IP and can be pinged and HTTP and HTTPS requests get through with no problem. So I'm pretty certain it's the firewall. I'm all out of ideas now. Does anyone have experience with the Symantec gateway/firewall products? Even if you don't, and have an idea of how to deal with this....let me know. Either PM me or post here. Thanks a bizillion!

[cdnvic]

You need to hire someone to setup your network security properly. A corporate webserver should not be run on advice from a forum. This is one place you should not be cutting corners on. I'd hire someone to come in for an hour to examine your network because if you don't have the experience to get this setup then you can have all kinds of problems that you don't know enough to spot.

[Simmo]

Hard to diagnose without knowing more detail about the network setup - sounds like you're doing the basic steps correctly - Does the web server has full access outbound & what kind of NAT is the firewall doing?

Is the web server just for inter office work or a select few clients?.. If so a VPN would be a better idea, a lot more secure.

[youngkiwi]

This is very easy to achieve. Although I am not familiar with your firewall specifically, most firewalls follow a similar configuration. You should open up ports 80 (http) and port 443 (https), which are the commonly used ports for web traffic in most setups. As far as routing the requests to your web server located on your internal IP are concerned, you can use either the virtual servers function or DMZ on your router to forward requests to an IP located within your internal network. This relies on your router supporting NAT. Using DMZ is more of a security risk however, as it effectively forwards all incoming traffic rather than specific ports.

May I ask however why you want to run your own web server? For the maintenance and security hassles and low cost of reliable hosting in the market, unless you extreme requirements I'd say you'd be better off hosting on a professional service. I can recommend one if need be.

[lingling]

I know someone here must have experience administering firewalls here. I'm new to this game, so if you can guide me in the right direction, I'd appreciate it.

Here's the story. One of my offices needs to run a webserver. I can't get my firewall (Symantec Gateway Security 440) to let HTTP and HTTPS connections through. The firewall has a public IP (I can ping it) so I know connections are getting there. I've told the firewall that if it receives any HTTP or HTTPS requests, to forward it to the private IP of our webserver (192.168.0.12). Nothing gets there!

I've plugged the server in, outside of the firewall. It gets a public IP and can be pinged and HTTP and HTTPS requests get through with no problem. So I'm pretty certain it's the firewall. I'm all out of ideas now. Does anyone have experience with the Symantec gateway/firewall products? Even if you don't, and have an idea of how to deal with this....let me know. Either PM me or post here. Thanks a bizillion!

Some crappy firewalls need to be rebooted for that kind of changes to take effect. No idea if your firewall falls in that category though.