Hi Guys,
Sorry in advance if this is a dumb question, but I could not find anything on this and just want to know if it is possible. I have a Sophos XG Firewall in gateway mode connected directly to the internet, and on port 1 a network of 10.1.1.1/24 is created which is connected to another router 10.1.1.2 (NAT). Behind the router there are 2 more networks, 192.168.1.1/24 and 192.168.2.1/24. So basically it becomes double NAT.
One of them is a normal network the other one is a guest network just as an example. I want to apply web filtering policies based on the networks. I have created the appropriate firewall rules.
Rule 1 --> Any traffic for WAN from any LAN zone and host network is 192.168.1.1/24 all traffic is to pass. (no web filtering/allow all)
Rule 2 --> Any traffic for WAN from LAN zone and host network is 192.168.2.1/24, a default web filtering policy is to apply.
Since the traffic is NATed and shows the network as 10.1.1.2, none of these rules work. So in order for internet traffic to pass, I have to add another network zone 10.1.1.1/24 for any web traffic to flow. So rule 1 becomes
Rule 1 --> Any traffic for WAN from any LAN zone and host network is 192.168.1.1/24 or host network is 10.1.1.1/24, all traffic is to pass.
But this means that I am not able to do web filtering based on the network behind the router. I know I can bridge the interface, but this router does not support bridging (and I don't want to due to some other reasons). And I also cannot remove the router (this is needed for other stuff).
Is there any way I can fix this? I have attached the screenshot from the log.
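As an added illustration that is not part of the original post, here is a small Python model of why the two rules cannot tell the networks apart: it applies the inner router's source NAT and then evaluates the rules top-down, first match wins, the way a firewall does. The addresses and rule names are the ones from the post; the SNAT function and the rule tuples are a constructed simplification, not Sophos XG code.

```python
from ipaddress import ip_address, ip_network

# Constructed model of the topology in the post.
INNER_ROUTER_WAN_IP = ip_address("10.1.1.2")   # NAT router's address on the XG port 1 network
NORMAL_NET = ip_network("192.168.1.0/24")      # "normal" network behind the router
GUEST_NET = ip_network("192.168.2.0/24")       # guest network behind the router
TRANSIT_NET = ip_network("10.1.1.0/24")        # XG port 1 network

def inner_router_snat(src):
    """Source NAT on the inner router: hosts on both LANs leave as 10.1.1.2."""
    src = ip_address(src)
    if src in NORMAL_NET or src in GUEST_NET:
        return INNER_ROUTER_WAN_IP
    return src

# Rules as (name, source networks, web filter policy); None = no filtering.
RULES_ORIGINAL = [
    ("Rule 1", [NORMAL_NET], None),
    ("Rule 2", [GUEST_NET], "Default Policy"),
]
RULES_WITH_TRANSIT = [
    ("Rule 1", [NORMAL_NET, TRANSIT_NET], None),
    ("Rule 2", [GUEST_NET], "Default Policy"),
]

def match_rule(rules, src_seen_by_xg):
    """Top-down evaluation, first match wins; no match means the XG drops it."""
    for name, nets, policy in rules:
        if any(src_seen_by_xg in net for net in nets):
            return name, policy
    return None, None

def evaluate(rules, original_src):
    """What the XG sees and which rule (and filter policy) applies to a client."""
    seen = inner_router_snat(original_src)
    rule, policy = match_rule(rules, seen)
    return {"original_src": str(original_src), "seen_by_xg": str(seen),
            "rule": rule, "web_filter": policy}

def unfiltered_networks(rules):
    """Networks whose clients reach the WAN without a web filter policy."""
    result = []
    for net in (NORMAL_NET, GUEST_NET):
        verdict = evaluate(rules, net[10])   # any host in the network behaves the same
        if verdict["rule"] is not None and verdict["web_filter"] is None:
            result.append(str(net))
    return result

if __name__ == "__main__":
    for rules in (RULES_ORIGINAL, RULES_WITH_TRANSIT):
        for client in ("192.168.1.50", "192.168.2.50"):
            print(evaluate(rules, client))
        print("unfiltered:", unfiltered_networks(rules))
```

The run shows both clients arriving as 10.1.1.2: with the original rules neither is matched, and once 10.1.1.0/24 is added to Rule 1 the guest network is matched by the allow-all rule and Rule 2 never fires.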