Sophos XG - Configuration of a DNAT with Port Forwarding

Hello everyone,
I am a new user and I have a Sophos XG 115 V17.5,

I need to configure a DNAT with port translation, but after thousands of attempts I wasn't able to get anywhere.
I tried to follow the instructions on this page https://community.sophos.com/kb/en-us/122976 which leads to: https://docs.sophos.com/nsg/sophos-firewall/17.5/Help/en-us/webhelp/onlinehelp/nsg/concepts/policy.html

The rule is this:

Certain specific IPs from the WAN can enter on port 4022 and be redirected to port 22 of a specific client.

The rule below works, but it only takes those who enter the WAN IP and the SSH port, and port translation is not working.

I noticed that I cannot write anything in the Mapped port in the Forward To parameters.

This is the working configuration (but without port translation).

The rule here below doesn't work and even here I cannot write anything in the Forward To part of the settings of the new business rule.


I would like your help to know how to set up a DNAT with port forwarding, thanks.



  • Hi,

    I think there might be a misunderstanding, because port 4022 will be NATed by your source, so you will need to use the default SSH definition, which you cannot alter.

    Port 4022 will not in most cases appear on the external interface of the XG.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA


  • So what would be a solution for you?
    Let's imagine this scenario, which is not that impossible: suppose that we have 3 web services, all 3 working on port 80, and they must be exposed with port translation.


    How can I redirect for example:

    [PublicIP]:8081 to the first
    [PublicIP]:8082 to the second
    [PublicIP]:8083 to the third

     

    Thanks
