Aliased Second Static IP not accessible from Green

I am a newbie and this is my first post. My knowledge in this area is shallow at best.

We have recently added a second static IP ( from the internet service provider to our network for a new application. We put the new IP address as an “alias” and then configure the firewall rules to redirect any tcp traffic on 80 and 443 ports to the internal server ( that services the application.

This is working fine when the service requests are coming from the RED zone (VPN tunneled or not) in the form of:

The problem is when the same requests are coming from inside the firewall. The requests are immediately directed to the internal server ( Because of the app’s security (certificate specific?) requirements, translation of to gives error 400.

Is there a way to route the service calls on from the GREEN to RED, by-passing the internal redirection to



the firewall won’t redirect anything here. The browser address line should still show the domain name.

If not, maybe it has cached a previous response from the web browser or the web server behaves differently when the source IP address is from the local subnet?

It sounds like you have the firewall configured correctly.


My original post was a bit misleading… The URL in the browser address bar did NOT change to local server address. But I was assuming internally the request had been routed to the local server.

But anyway, from the Green Zone, accessing led to

Thinking like a newbie, I was wondering if there was a way that the Green Traffic to that specific domain could be routed to RED zone before it comes back inside Green zone?

Or there must be some more appropriate solutions?


What did you select for the source of the firewall rule? It should be any and not only RED.

Ah, that is the ticket! I knew it had to be a newbie mistake :wink:

Thank you so much, Michael!

1 Like