Thread Info
  • State Verified Answer
  • +2 person also asked this people also asked this
  • Locked Locked
  • Replies 8 replies
  • Answers 2 answers
  • Subscribers 9 subscribers
  • Views 36611 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Port forward on XG 17.0.3 MR-3

Avi Bar Ilan

Hi Guys

i am trying to do some port forwarding on my newly install xg firewall.

i have look around the web and found this guide:

https://community.sophos.com/kb/en-us/122976

but i think this guide is from a different \ older version.

my port forwarding screen looks different.

for example: i dont have a "forward type" field.

 

how do i create port forwarding rules?

lets say for example, that i want to forward port 12443 to port 3389

i have a server that i want to access from the internet.

how do i do that?

 

here is a screenshot of my dnat creation screen:



This thread was automatically locked due to age.
Parents
  • 0

    Hi Avi,

    That KB article will need to be updated for v17. Thanks for bringing to our attention. 

    I have created an example DNAT rule based on your request below.For a non-standard port like 12443, you will need to create a new Service Object. This will be in the format, source: 1:65535 destination 12443. 

    Please let me know if you have any questions.

    Thanks,
    Karlos

    Karlos
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.
  • 0 in reply to Karlos

    Hi Avi,

    That KB article will need to be updated for v17. Thanks for bringing to our attention. 

    I have created an example DNAT rule based on your request below.For a non-standard port like 12443, you will need to create a new Service Object. This will be in the format, source: 1:65535 destination 12443. 

    Please let me know if you have any questions.

    Thanks,
    Karlos

     

    Hi Karlos.

    thank you for your reply.

    i have done exactly as you advised but it doesnt work.

    although i am very impressed with the xg firewall...

    i have to say its the most difficult one when it comes to port forwarding.

     

    here is what i did:

    1. 

    2. 

  • +1 in reply to Avi Bar Ilan

    Hi Avi,

    As per your first image, the service object you created is incorrect. Currently you have source port set as 12443 and destination port as 3389.

    This service object is for the purpose of defining what service port 12443 is and not where you specify the port translation. 

    The port translation is specified under the "Mapped Port *" section.

    As I mentioned earlier, for your first image, it would be in the format - source: 1-65535, destination: 12443.

    What this means is the port the request is coming FROM (which would typically be a private port) or the 'Source' and the service port that is requesting to use, which would be the 'Destination.' 

    Hope that makes sense.

    Thanks,
    Karlos

    Karlos
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.
  • 0 in reply to Karlos

    Hi Karlos.

     

    that worked!

    thank you very much!

    i would have NEVER guessed that this the way to do that!

  • 0 in reply to Karlos

    Hello,

     

    I'm having trouble that the Port Mapping Field is disabled. I've selected services and also created custom service port but in "Forwad To" section, I'm not getting the "Mapped Port" field enabled, I mean can not do any entry in it.

     

     

    Please suggest.

  • 0 in reply to Ajay Sharma1

    Hi Ajay, 

    #9 in my troubleshooting guide, you cannot choose to map ports, when,

    1. If no TCP/UDP Service Selected -> Disable mapped port option
    2. If multiple services are selected -> Disable mapped port option
    3. If Service selected is with TCP/UDP combination -> Disable mapped port option
    4. If service group is selected -> Disable mapped port option
    5. If Service selected has only TCP or UDP ports, then it must not exceed 16 ports
    6. Public service can not have both ports and range
    7. Public service should have only single range of ports
    8. Mapped port should have equal number of ports as given in public service or mapped port should have a single port.

    If your definition doesn't comply to these points, the mapped port option will be greyed out.

    Hope that helps.

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

Reply
  • 0 in reply to Ajay Sharma1

    Hi Ajay, 

    #9 in my troubleshooting guide, you cannot choose to map ports, when,

    1. If no TCP/UDP Service Selected -> Disable mapped port option
    2. If multiple services are selected -> Disable mapped port option
    3. If Service selected is with TCP/UDP combination -> Disable mapped port option
    4. If service group is selected -> Disable mapped port option
    5. If Service selected has only TCP or UDP ports, then it must not exceed 16 ports
    6. Public service can not have both ports and range
    7. Public service should have only single range of ports
    8. Mapped port should have equal number of ports as given in public service or mapped port should have a single port.

    If your definition doesn't comply to these points, the mapped port option will be greyed out.

    Hope that helps.

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

Children
No Data
Unfiltered HTML