[Support] Installing Firezone on a server which is behind Firewall

I am glad to be here to get support from you guys.

  • I have installed firezone on my Fedora Server 36 successfully. The server I used is already running Nextcloud on port 443 using apache, and this Server is behind Firewall and assigned local IP which is on some VLAN.
  • What I am trying to achieve here is, that I want to hide Nextcloud when accessed from outside, but serve without connecting to the tunnel when the requests are from the internal network. Here is the structure of my network:

  • As I described in the pic, currently our traffic is routed to the WAN IP on Firewall, not the public IP, that’s how we browse the internet. Currently, I port forwarded port 3001 (using the public IP)-(firezone admin panel) and port 443 to access Nextcloud; both are working for me. But as I said above I only want to access Nextcloud and other local servers through the tunnel, how can I achieve that?

  • Currently, when I connect to firezone from my phone, I can’t access the internet. Which IP should I use as Endpoint?

Thank you.

@jamil sorry for mentioning you here.
Currently, I changed my mind about surfing the internet through the tunnel but only use the tunnel for Nextcloud Traffics from outside. So please can you give me a hint, thank you.

Hmm I think you’re referring to split tunneling: Split Tunnel | Docs Firezone

1 Like

thanks, @jamil I will do that.
But on my first post, I asked which IP should I use as an endpoint to connect to the VPN from outside, I have installed Firezone on the Local Server which is behind Firewall, So when I try to connect the Server must be available publicly right?

@elhanan You’ll want to use the public IP of your network, which should be the IP Firezone uses by default. You’ll need to make sure to use the public-facing port on your home router you’ve exposed for WireGuard traffic if it’s not the default of 51820.

1 Like

@jamil Thank you so much for clearing out things for me :slightly_smiling_face:
Currently, I am forwarding port 443 of the public IP to my server where I installed Firezone. I hope it will going to work for me.

Typically port 443 is for the web portal. WireGuard listens on port 51820 by default, so you’ll need to forward that too for the VPN connection.

1 Like

@jamil Thank you so so much, I will forward port 51820 too. I liked everything about Firezone, it will simplify monitoring users on our VPN.