Port forward on XG 17.0.3 MR-3

Question

Hi Guys 
 i am trying to do some port forwarding on my newly install xg firewall. 
 i have look around the web and found this guide: 
 https://community.sophos.com/kb/en-us/122976 
 but i think this guide is from a different \ older version. 
 my port forwarding screen looks different. 
 for example: i dont have a "forward type" field. 
 
 how do i create port forwarding rules? 
 lets say for example, that i want to forward port 12443 to port 3389 
 i have a server that i want to access from the internet. 
 how do i do that? 
 
 here is a screenshot of my dnat creation screen:

Karlos · Accepted Answer

Hi Avi, 
 As per your first image, the service object you created is incorrect. Currently you have source port set as 12443 and destination port as 3389. 
 This service object is for the purpose of defining what service port 12443 is and not where you specify the port translation. 
 The port translation is specified under the "Mapped Port *" section. 
 As I mentioned earlier, for your first image, it would be in the format - source: 1-65535, destination: 12443. 
 What this means is the port the request is coming FROM (which would typically be a private port) or the 'Source' and the service port that is requesting to use, which would be the 'Destination.' 
 Hope that makes sense. 
 Thanks, Karlos

Karlos · Answer

Hi Avi, 
 That KB article will need to be updated for v17. Thanks for bringing to our attention. 
 I have created an example DNAT rule based on your request below.For a non-standard port like 12443, you will need to create a new Service Object. This will be in the format, source: 1:65535 destination 12443. 
 
 Please let me know if you have any questions. 
 Thanks, Karlos

sachingurung · Answer

Hi Ajay, 
 #9 in my troubleshooting guide , you cannot choose to map ports, when, 
 
 If no TCP/UDP Service Selected -> Disable mapped port option 
 If multiple services are selected -> Disable mapped port option 
 If Service selected is with TCP/UDP combination -> Disable mapped port option 
 If service group is selected -> Disable mapped port option 
 If Service selected has only TCP or UDP ports, then it must not exceed 16 ports 
 Public service can not have both ports and range 
 Public service should have only single range of ports 
 Mapped port should have equal number of ports as given in public service or mapped port should have a single port. 
 
 If your definition doesn't comply to these points, the mapped port option will be greyed out. 
 Hope that helps.