
Sophos XG 135 with IP over WAN, in a different network than Alias interfaces

Can I have, on the same WAN interface, an IP 189.10.10.46/255.255.255.192 with gateway 189.10.10.1, and several IP aliases on the same interface, only on a different network, 189.10.20.16-189.10.20.30/255.255.255.240?

The aliases would be for publishing services hosted on the internal network, such as a web server, ERP application, e-mail server, etc.

I'll wait, and thanks!



  • Yes, it lets you configure it; this was done in version 17.5.9 MR9. The question is, does it work? Will the XG be able to receive and route packets?

  • Ivanildo,

    I will perform a test in my lab and let the community know.

    Regards

  • I can confirm, it works.

    18:57:13.814608 ifb0, OUT: IP 192.168.1.23.40398 > 20.150.29.228.https: Flags [.], seq 24445:25885, ack 7440, win 365, length 1440
    18:57:13.814633 Port2, OUT: IP 192.168.1.23.40398 > 20.150.29.228.https: Flags [.], seq 24445:25885, ack 7440, win 365, length 1440
    18:57:13.814658 ifb0, OUT: IP 192.168.1.23.40398 > 20.150.29.228.https: Flags [.], seq 25885:27325, ack 7440, win 365, length 1440
    18:57:13.814666 Port2, OUT: IP 192.168.1.23.40398 > 20.150.29.228.https: Flags [.], seq 25885:27325, ack 7440, win 365, length 1440
    18:57:13.814739 ifb0, OUT: IP 192.168.1.23.40398 > 20.150.29.228.https: Flags [.], seq 27325:28765, ack 7440, win 365, length 1440
    18:57:13.814748 Port2, OUT: IP 192.168.1.23.40398 > 20.150.29.228.https: Flags [.], seq 27325:28765, ack 7440, win 365, length 1440

    I applied the proper NAT on v18 and created an ad-hoc firewall rule.

    It works!

  • I tested it here, it worked very well.

    Sophos XG supports having an IP from one network on the interface and the alias on another network; the provider sends the packets to the services published on the alias and it accepts them :)
    Now, how the provider does its part, I don't know.

    See the picture of how it turned out.

    Thank you for your support!