Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 5 replies
  • Answers 1 answer
  • Subscribers 39 subscribers
  • Views 1497 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Dnat port issue - from external network - Sophos XG

Marius Tarau

Hi, 

 

I am trying to allow external access to an internal Server on our network.

Appliance used is a Sophos XG430 and it sits behind a router in it's own DMZ

Here are the settings used:

 

Source Zones: WAN
Allowed Client Networks: Any
Destination Host/Network: WAN Interface - 192.168.100.254
Services: Custom Service with Source port 7999 : Destination Port 25000
Protected Servers: Custom_Name_Server_IP - 10.10.10.10
Mapped Port: 25000 (auto configured from the above custom service)
Protected Zone: LAN

 

I want to mention that the EXACT same settings worked just fine with the previous setup on a Sophos SG series appliance.

 

Any help would be greatly appreciated.

 

Thanks in advance.



This thread was automatically locked due to age.
Parents
  • 0

    Marius,

    make sure that DNAT on all port is opened on the router to the XG wan interface. For the XG rule, please share the firewall rule.

    Regards

  • 0 in reply to lferrara

    Thanks, I managed to make it work for now, I had to enter 1:65535 as the source port.

    But what I am actually trying to do is:

    Have the Sophos appliance listen for traffic on a specific port (1111 for example) and redirect to Host A on port 2000 for example. Another rule would be to listen for traffic on another port (2222 for example) and redirect to Host B on the same port 2000.

    Can this work?

Reply
  • 0 in reply to lferrara

    Thanks, I managed to make it work for now, I had to enter 1:65535 as the source port.

    But what I am actually trying to do is:

    Have the Sophos appliance listen for traffic on a specific port (1111 for example) and redirect to Host A on port 2000 for example. Another rule would be to listen for traffic on another port (2222 for example) and redirect to Host B on the same port 2000.

    Can this work?

Children
Unfiltered HTML