I have set up an ODK Aggregate VM from scratch. The Aggregate server can be accessed internally using an internal IP and also externally using a public/external IP. During the setup I indicated my external/public IP address. When accessing Aggregate using the public IP everything works perfectly, and connecting ODK Collect to the Aggregate server also works fine while using the public/external IP. The network is set up in a way that the firewall blocks external IPs from being accessed internally and internal IPs from being accessed externally. Thus my challenge: how can I go about such a situation?

The easiest solution is to change the network's behavior. Why prevent internal devices from accessing external services?

I agree with @yanokwa. I'm no networking expert, but I have some experience with that and it's a very common network configuration to allow outgoing traffic and to block incoming traffic. It's common also to allow specific servers inside your network to be accessed from the outside, like in the case of your Aggregate server.