Port forwarding on some ports just not working XG135W

I have a customer with an XG135W SFOS 17.0.6 MR-6 and they need port forwarding set up.


Very simple, in fact it couldn't be more simple. Port 4235 needs to go to one of their servers.


So far:

Checked on the internal LAN that the port is open on the receiving machine - telnet 192.168.x.x 4235. Connection is fine.


But from an external address it does not reply to telnet <WAN IP> 4235


If I get rid of the mapped service and set that to ANY, I can make this telnet connection.


Also, if I search my logs for any connections to 4235 it finds nothing, so troubleshooting is impossible.


Set up DNAT rule. 

Source Zone: WAN (also tried ANY)

Allowed Client Networks: ANY

Blocked Client Networks: None


Destination Host: WAN PORT

Services: TCP Source 4235, Destination 4235


Forward to

Protected Server: Internal server IP

Protected Zone: LAN

Change Destination: unticked



IP: None

TS: None

No Restrictions

Unticked Rewrite source address, Create Reflexive rule


Log Traffic Ticked.






I've been on this for hours, and frankly am starting to look useless in front of my client, and this really should be a five-minute job (Cisco Accredited engineer). I was thinking of moving my customers to Sophos but on what I've seen so far it's overcomplicated and buggy. Have also replicated the same problem on a spare XG210 I have in the office.

I'd really appreciate some quick help with this this morning.

  • This is solved through Sophos Support and I shall update this case in the hope it saves someone else the waste of time I've had.

    In the Service that I set up for the port 4235:

    Source Port is *

    Destination Port is 4235


    This seems completely wrong to me, but that's how it works.

    Hope that helps.

  • In reply to Neil Lough:

    This Sir has been a GODSEND!... I am just testing out SOPHOS and have encountered many ISSUES with SIMPLE configuration requests and shitty documentation.
    I agree with your premise that this setup makes no sense, but when has that ever stopped anyone?

    Thank you again!
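Why the fix in the accepted reply works, as an added example that is not part of the original thread or any Sophos code: a TCP client does not send from port 4235, because the operating system picks its source port, so a service object that requires source port 4235 never matches an inbound connection. The `Service` class, the loopback listener standing in for the protected server, and modelling `*` as 1-65535 are assumptions of this sketch.

```python
import socket
from dataclasses import dataclass


@dataclass(frozen=True)
class Service:
    """Hypothetical model of a firewall service object: TCP port ranges."""
    name: str
    src: tuple  # (low, high), inclusive
    dst: tuple  # (low, high), inclusive

    def matches(self, src_port: int, dst_port: int) -> bool:
        return (self.src[0] <= src_port <= self.src[1]
                and self.dst[0] <= dst_port <= self.dst[1])


# The service as first configured in the thread, and as corrected.
# Assumption: source port "*" is modelled as the full range 1-65535.
AS_POSTED = Service("src 4235 / dst 4235", (4235, 4235), (4235, 4235))
CORRECTED = Service("src * / dst 4235", (1, 65535), (4235, 4235))


def observed_source_port() -> int:
    """Connect to a loopback listener without binding the client socket and
    return the source port the server side sees (chosen by the OS)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as listener:
        listener.bind(("127.0.0.1", 0))  # any free port; stands in for the server
        listener.listen(1)
        with socket.create_connection(listener.getsockname(), timeout=5):
            conn, peer = listener.accept()
            conn.close()
            return peer[1]


def evaluate(src_port: int, dst_port: int = 4235) -> dict:
    """Report which service definitions match a connection with these ports."""
    return {svc.name: svc.matches(src_port, dst_port)
            for svc in (AS_POSTED, CORRECTED)}


if __name__ == "__main__":
    src = observed_source_port()
    print(f"client source port chosen by the OS: {src}")
    for name, hit in evaluate(src).items():
        print(f"  {name:22} -> {'match' if hit else 'no match'}")
```
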