
Port Forwarding on Sophos Xg86

Good day,

Please, I have a Cisco 2901 router and I configured port forwarding to access my internal server on port 49300 from outside port 9090, and it is working.

Now I bought a Sophos XG86 firewall and placed it between the router and the switch. I configured Bridge m

 

I bridged port 1 (LAN) and port 2 (WAN); the bridge IP is 192.168.1.2 and the internal server IP is 192.168.1.3.

http://ip-pblic:90, and the local forward port is 4930

The router's internal IP is 192.168.1.1.

I have configured a DHCP policy on the XG and it is working.

The Cisco router is the DHCP server (192.168.1.1).



  • Abraham,

    The screenshots provided are too small. Can you provide screenshots that are readable?

    Also, what issue do you have?

    Thanks

  • Hello Iferrara

     

    I deployed my XG 86 in bridge mode; I bridged port 1 (LAN) and port 2 (WAN), with IP 192.168.1.2.

    I have a Cisco 2901 router connected to the ISP. The Cisco router is the DHCP server for the network. I did port forwarding on the Cisco router to the internal server 192.168.1.3; the listening port is 90 and the internal port is 4930, and it was working. But when I deployed the Sophos XG 86, access to the internal server is not working anymore. This is my problem.

    Access to the internet is OK.

  • Thanks for the screenshot.

    If the Cisco already translates the port from 90 to 4930, then on the DNAT rule you need to use 4930, and not 90, as the service and destination port.

    If the Cisco does not perform the translation, you need to first use port 90 and, under mapped port, 4930.

    If it does not work, use the live logs to understand what is blocked.

    Regards

  • Ok, 

    Please, do I need to check or enable the following rule?

    > Rewrite source address (masquerading)
    Use outbound address
    MASQ
    MASQ (Interface default IP)
    Create reflexive rule
     
     
     