Re: dynamic nat

Hi hasim,

In an ideal configuration the external interface of the firewall should have a valid public IP (many times it's possible to configure the modem/router to pass the IP to the firewall). I would recommend that you try to get that change done when possible.

Also, you should consider using SecuRemote to create a client-to-site VPN, so that you can connect remotely to your internal resources. I don't think the configuration you are going for is ideal, since it's not as secure.

That said, you can achieve what you state like this:

- Create 3 TCP services, one for each port (3390, 3391, 3392)
- Create 3 host objects for the servers (10.10.0.1, 10.10.0.2, 10.10.0.3)
- Create one rule to allow access:
  Any | 192.168.2.2 | 3390, 3391, 3392 | Accept | Log
- Create 3 NAT rules:
  Any | 192.168.2.2 | 3390 | = | 10.10.0.1 | =
  Any | 192.168.2.2 | 3391 | = | 10.10.0.2 | =
  Any | 192.168.2.2 | 3392 | = | 10.10.0.3 | =
- You might also need to create a group with all the servers and also add it to the destination on the access rule (depends on settings)

You should already have a NAT hide rule that will hide the servers on the 192.168.2.2 IP when going out.

I might have forgotten something, but I think that's it.
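
The rule set described in the post above, modelled as an added example that is not part of the original post and is not Check Point code: it checks that every port-forward NAT rule is covered by an accepting access rule and resolves a connection to its internal server. The class and function names are hypothetical, and the model assumes first-match evaluation with the access rule matched against the original (pre-NAT) destination, as written in the post.

```python
from typing import NamedTuple

class AccessRule(NamedTuple):
    dst: str
    ports: frozenset
    action: str

class NatRule(NamedTuple):
    dst: str        # original destination
    port: int       # original service
    xlate_dst: str  # translated destination; source and service stay "=" (Original)

# Rules as listed in the post; source is Any everywhere, so it is not modelled.
ACCESS = [AccessRule("192.168.2.2", frozenset({3390, 3391, 3392}), "Accept")]
NAT = [
    NatRule("192.168.2.2", 3390, "10.10.0.1"),
    NatRule("192.168.2.2", 3391, "10.10.0.2"),
    NatRule("192.168.2.2", 3392, "10.10.0.3"),
]

def allowed(dst, port, access=ACCESS):
    """First matching access rule decides; no match is an implicit drop."""
    for r in access:
        if r.dst == dst and port in r.ports:
            return r.action == "Accept"
    return False

def forward(dst, port, access=ACCESS, nat=NAT):
    """Return (translated_dst, port) for an accepted connection, else None."""
    if not allowed(dst, port, access):
        return None
    for r in nat:
        if r.dst == dst and r.port == port:
            return (r.xlate_dst, port)
    return (dst, port)  # accepted but left untranslated

def lint(access=ACCESS, nat=NAT):
    """Report inconsistencies between the access rule base and the NAT rules."""
    findings, seen = [], set()
    for r in nat:
        if (r.dst, r.port) in seen:
            findings.append(f"shadowed NAT rule for {r.dst}:{r.port}")
        seen.add((r.dst, r.port))
        if not allowed(r.dst, r.port, access):
            findings.append(f"NAT rule for {r.dst}:{r.port} has no accepting access rule")
    for a in access:
        for p in sorted(a.ports):
            if a.action == "Accept" and (a.dst, p) not in seen:
                findings.append(f"{a.dst}:{p} accepted but never translated")
    return findings
```

Running `lint()` on the rules as posted returns an empty list; it reports a finding as soon as a forwarded port is added on one side (access or NAT) but not the other.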