I'm guessing what you didn't do is use the Redirect section of this rule (or at least you didn't say you used it in your initial post).
People are going to hit the external side of your firewall. If you don't use the Redirect function this traffic will never be sent (redirected) to your internal server. Select the internal IP of your server in the Redirect drop-down box in this inbound rule and it should work.
I already set the Front End IP address as well as the Back End in the Redirect box and neither of them works... I'm still getting in IE "Host Not Found..gateway or Proxy server could not find the IP address of an upstream (web)". I appreciate your help...
Have you looked at the audit? Are you actually hitting this rule?
Have you looked at tcpdumps?
Did you do a tcpdump on your external interface to see if this traffic is even hitting your firewall in the first place? That's the first thing I would do.
If it hits your external interface, did you do a tcpdump on your internal interface to see if the traffic is actually leaving the internal side of your firewall and getting no response? That's the second thing I would do.
If you want to have people on the Internet reach your internal web server, you'd make a rule like this:
Source Zone: Internet
Source IP: <Any>
Dest Zone: Internet
Dest IP: <Ext. IP of FW> or <Front End IP> (You don't set the Front End IP in the redirect box (I'm assuming a 'front end IP' means an external IP address).)
Redirect: <Internal IP of web server> (<-- Is this what you called the Backend IP?)
You could make a rule that works perfectly fine, and your traffic goes through the firewall and out your internal side and simply gets no response from your web server. That's why tcpdumps are extremely important here. If the traffic isn't even hitting the external side of your firewall it doesn't matter what kind of rule you make. Check that it's hitting the external side of your firewall.
If your external interface is em0, take the tcpdump like this:
$> tcpdump -npi em0 port X and host y.y.y.y
(replace X with the port this is coming in on and replace y.y.y.y with the SOURCE IP of the box you're testing from)
You take the internal tcpdump the same way, except replace em0 with the name of your internal interface.
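The two-capture check described above, as an added example that is not part of the original thread: a Python sketch that reads saved `tcpdump -n` text from the external and internal interfaces and reports where the connection stops. The sample captures and all addresses are constructed, and it assumes IPv4 and that the tester's source IP is unchanged on the internal side.

```python
import re

# Address part of a `tcpdump -n` IPv4 line, e.g.
#   12:00:01.000001 IP 203.0.113.10.51000 > 198.51.100.5.80: Flags [S], ...
PKT = re.compile(r"\bIP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):")

def flows(capture, client_ip, port):
    """Split a capture into request destinations and reply sources."""
    requests, replies = [], []
    for line in capture.splitlines():
        m = PKT.search(line)
        if not m:
            continue  # ARP, IPv6, truncated lines
        src, sport, dst, dport = m.group(1), int(m.group(2)), m.group(3), int(m.group(4))
        if src == client_ip and dport == port:
            requests.append(dst)
        elif dst == client_ip and sport == port:
            replies.append(src)
    return requests, replies

def diagnose(external, internal, client_ip, port):
    """Return (verdict, address the request was redirected to, or None)."""
    ext_req, _ = flows(external, client_ip, port)
    if not ext_req:
        return "never reaches the external interface", None
    int_req, int_rep = flows(internal, client_ip, port)
    if not int_req:
        return "hits the firewall but does not leave the internal side", None
    if not int_rep:
        return "leaves the internal side but the server does not respond", int_req[0]
    return "server responds", int_req[0]

# Constructed sample captures (documentation and private addresses).
EXTERNAL = """\
12:00:01.000001 IP 203.0.113.10.51000 > 198.51.100.5.80: Flags [S], seq 1, win 65535, length 0
12:00:04.000001 IP 203.0.113.10.51000 > 198.51.100.5.80: Flags [S], seq 1, win 65535, length 0
"""
INTERNAL_SILENT = """\
12:00:01.000150 IP 203.0.113.10.51000 > 10.0.0.20.80: Flags [S], seq 1, win 65535, length 0
12:00:04.000150 IP 203.0.113.10.51000 > 10.0.0.20.80: Flags [S], seq 1, win 65535, length 0
"""
INTERNAL_OK = INTERNAL_SILENT + (
    "12:00:04.000900 IP 10.0.0.20.80 > 203.0.113.10.51000: Flags [S.], seq 9, ack 2, win 65535, length 0\n"
)

if __name__ == "__main__":
    for internal in ("", INTERNAL_SILENT, INTERNAL_OK):
        print(diagnose(EXTERNAL, internal, "203.0.113.10", 80))
```

The second element of the result is the address the request was sent to on the internal side, which shows whether the Redirect setting points at the intended server.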
Hi again, sorry about the delay but I have been dealing with other ex-secure products... so this is what I have done:
- Just as clarification: when I say Front End, it's Microsoft terminology in which you have two servers, one acting as a Front server (RPC, OWA, etc.) and the other as a Back End server acting as Mailbox or Storage, so when I say Front End Server it is not the firewall external interface... it's the Exchange Front End Server.
1. I created an access rule for the Microsoft OWA server with the parameters that you mentioned in the last post and it works fine... I can access the portal and see my email.
The problem arises when I try to make multiple access rules for other internal resources such as the web site, SharePoint, etc. I have seen in the MFE documentation a "URL Translation feature" which helps with this type of scenario, which I tried by doing an Application Defense on the HTTP protocol as well as on the Generic (Required) section, then I put both things together in a group. Then I set it in the Application Defense section of the access rule to accomplish the connection and URL translation settings, but I didn't have any luck!
1. Have you worked with the URL translation feature?
2. What are the recommended settings for it?
Any help will be appreciated!
You can download the MFE 8.0 Administration Guide from the knowledgebase (PD22656) or at this URL: https://mysupport.mcafee.com/eservice/productdocuments.aspx
On page 259 is the section entitled "Allow inbound access to internal servers." This section talks about the URL Translation feature.
Voila! Finally it works! It was a misconfiguration problem... I had the MFE's external interface as the destination endpoint instead of the internal servers... also there was a dark cloud on the Application Defense settings since I was not clear how it worked. Thanks anyway!!