Actually, I managed to solve it this morning;
I had to create a LOOPBACK.
In case anyone is having the same problem, here is the tip!
The source was an English-language forum…
… so I have been persistent in my research and I believe I have found the solution thanks to the messages in this thread (efwsupport.com/index.php?topic=1065.15)
But to summarize and put it all together, this is what I needed to do to get access from GREEN->RED->GREEN.
Firewall->Port forwarding/Destination NAT (image 1)
Incoming IP
Type: Zone/VPN/Uplink
Interface: RED Uplink IP (Whatever IP is needed by your external IP)
Incoming Service/Port
TCP 80 (Or whatever ports you need)
Translate to
Type: IP
Insert IP: GREEN IP of server
Port/Range: 80 (or whatever it translates to, like 8081)
Access From
SourceType: Zone/VPN/Uplink
Filter policy: ALLOW
Interface: GREEN (May need to also enable from the RED if access from outside, I am testing on a small internal network and don’t have the ability to test whether or not you need to allow from RED for them)
Enabled / Log / Remark (whatever you want)
After doing this, you will see logs show up saying the ports are accepted, but no handshake takes place. For that to happen we need to set up a Source NAT.
Firewall->Source NAT (image 2)
Source
Type: Network/IP
Network: GREEN NETWORK IP (e.g., 192.168.101.0/24) (Original post had 0.0.0.0/0 which worked, but I like to tighten things when I can)
Destination
Type: Zone/VPN/Uplink
Interface: GREEN
Service/Port
Service: ANY
Protocol: ANY
NAT
Type: NAT
To source address: AUTO
Enabled / Remark (Whatever)
See you later
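Why the handshake stalls until the Source NAT rule exists, shown as an added example that is not part of the original post: a small Python model of the GREEN->RED->GREEN path. The RED IP, server, client and firewall GREEN addresses are constructed sample values (assumptions); only the 192.168.101.0/24 network comes from the post.

```python
import ipaddress
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

# Constructed sample addressing (assumptions); only the /24 is from the post.
GREEN_NET = ipaddress.ip_network("192.168.101.0/24")
FW_GREEN_IP = "192.168.101.1"     # firewall's own address on GREEN
RED_IP = "203.0.113.10"           # RED uplink IP that clients connect to
SERVER = ("192.168.101.20", 80)   # "Translate to" target on GREEN

def forward(pkt, snat_source=None):
    """Firewall handling of a packet sent to the RED IP: DNAT, then optional SNAT."""
    out = pkt._replace(dst=SERVER[0], dport=SERVER[1])   # Destination NAT rule
    if (snat_source is not None
            and ipaddress.ip_address(pkt.src) in snat_source
            and ipaddress.ip_address(out.dst) in GREEN_NET):
        out = out._replace(src=FW_GREEN_IP)              # Source NAT rule, source AUTO
    return out

def reply_seen_by_client(syn, snat_source=None):
    """Return the server's SYN-ACK as it arrives at the client."""
    at_server = forward(syn, snat_source)
    reply = Packet(at_server.dst, at_server.dport, at_server.src, at_server.sport)
    via_firewall = (reply.dst == FW_GREEN_IP
                    or ipaddress.ip_address(reply.dst) not in GREEN_NET)
    if via_firewall:
        # Connection tracking reverses the translations on the way back.
        return Packet(syn.dst, syn.dport, syn.src, syn.sport)
    # Client and server share the GREEN subnet: the reply bypasses the firewall.
    return reply

def handshake_completes(syn, snat_source=None):
    """A client only accepts a SYN-ACK from the address and port it contacted."""
    reply = reply_seen_by_client(syn, snat_source)
    return (reply.src, reply.sport) == (syn.dst, syn.dport)

GREEN_CLIENT_SYN = Packet("192.168.101.50", 40000, RED_IP, 80)
EXTERNAL_SYN = Packet("198.51.100.7", 40000, RED_IP, 80)

if __name__ == "__main__":
    print("DNAT only:        ", handshake_completes(GREEN_CLIENT_SYN))
    print("DNAT + GREEN SNAT:", handshake_completes(GREEN_CLIENT_SYN, GREEN_NET))
    print("server sees src:  ", forward(EXTERNAL_SYN, GREEN_NET).src)
```

In this model, restricting the Source NAT rule to the GREEN network leaves an external client's source address intact at the server, while 0.0.0.0/0 rewrites every source to the firewall's GREEN address, which hides the real client IP from the server's access logs.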