I have a McAfee Enterprise Firewall (8.2.1).
I am having a problem with getting "Access Denied" when trying to go to a specific public IP which is a web server. That specific public IP is hosted behind the same firewall in a DMZ that I am trying to go out on. Accessing this public IP is not a problem outside our network (on the internet). The firewall, it seems, doesn’t like the traffic going out and coming right back in to the DMZ. There is a rule in place that allows HTTP traffic from the internet into the web server and it redirects the public IP to the LAN IP of the web server (this works without issue). I am trying to create a rule (so far unsuccessfully) to try and redirect users on the LAN going to this public IP to the LAN IP in the DMZ of the web server, in order to get around the Access Denied error. However, I still get Access Denied. I have the IP in the global allow list on the firewall.
Can anyone help me tweak this rule?
I can access the web server internally from the LAN IP in the DMZ without issue.
Internet (external users) can access the web server without issue.
Internal users cannot access the web server by going to the public IP (get Access Denied).
I am looking to redirect the request to the specific public IP to the LAN IP, but I am unable to get past the Access Denied error when I believe the firewall rule is correct.
Rule states this …
It’s an Allow Rule (above the Deny All)
Applications: HTTP/HTTPS TCP/80;SSL/443
Source Endpoints: Any V4 IP [Zone: Internal]
Destination Endpoints: Public IP Address [Zone: Any]
NAT: local host (Host)
Redirect: LAN IP in the DMZ
GTI Host Reputation: None
Application Defense Group: Default group
IPS Signatures / Responses : None
On the firewall, in the real time log (or Audit Viewing) filtered down, the error listed states …
Event: redirect address required
Reason: a redirect address was required but not found. This may be a configuration error, or it may be a probe attempt. Connection closed.
Event: ACL Deny
Reason: Traffic denied by policy
Message was edited by: xmich on 5/3/12 9:47:20 AM CDT