https://community.sophos.com/sophos-xg-firewall/f/discussions/123392/xg-550-v18-0-1-mr-1-build396Hello Sophos Community, i am experiencing the following problem: I am trying to configure the firewall in a way that it forwards a lot of requests unfiltered to two CMTS devices unfiltered via static routing. The CMTS devices are directly connecteden-USTelligent Community 12https://community.sophos.com/thread/449531?ContentTypeID=1Tue, 13 Oct 2020 09:03:45 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:21bc4716-1fc3-479d-b3f4-8cf3eb00f575LuCar Toni<p>My guess is, the Bridge is not correct. Traffic is not routed correctly to the endpoints. A bridge has own Zones for each interface. Did you check, you zones are matching?&nbsp;</p><div style="clear:both;"></div>https://community.sophos.com/thread/449511?ContentTypeID=1Tue, 13 Oct 2020 07:25:02 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:247c5204-8279-4e4f-9bef-75d4d1c34112rfcat_vk<p>Hi Alexander,</p> <p>I am little confused with your setup. CMTS provides a termination for a mobile calls and then sends traffic into the internet either Tunnel or direct connections, correct?<br />so what traffic will be incoming to the CMTS from the internet, ports, sources etc?</p> <p>you advised the CMTS devices are failover and internet access for home users but that traffic would all be sent to the 8nternet with the CMTS as the source not destination.</p> <p>ian</p><div style="clear:both;"></div>https://community.sophos.com/thread/449509?ContentTypeID=1Tue, 13 Oct 2020 06:50:38 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:a20279ea-9b6e-4969-8d54-acbf3ebe7cb3Alexander Vogel<p>Hi Ian,</p> <p>there are two&nbsp; WAN links.</p> <p>Also the CMTS devices handle the web traffic of several hundred home internet connections as this is the setup of a small internet provider. The CMTS device basically act as the standart gateway for all the customers routers. A WAF rule i think would only handle HTTP or HTTPS traffic. Since the CMTS devices neet to know the actual destination adress of the packages routed to them i also don&acute;t think a NAT rule would be helpful.</p><div style="clear:both;"></div>https://community.sophos.com/thread/449507?ContentTypeID=1Tue, 13 Oct 2020 06:37:44 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:899118a9-8854-41f5-b7dc-1b0b6266d548rfcat_vk<p>Hi Alexander,</p> <p>if there is only one source eg one WAN link you do not need routing but either a WAF rule or you existing rule with a NAT.</p> <p>Ian</p><div style="clear:both;"></div>https://community.sophos.com/thread/449506?ContentTypeID=1Tue, 13 Oct 2020 06:35:30 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:78affb5f-ea2a-4293-886d-40569a65042aAlexander Vogel<p>Hello,</p> <p></p> <p>the devices are for external use only.</p> <p>The devices are also configured to process traffic with any of the destination IP&acute;s that are suppsed to get routed to them. Hence i believe no nat rule should be necessary.</p><div style="clear:both;"></div>https://community.sophos.com/thread/449505?ContentTypeID=1Tue, 13 Oct 2020 06:27:26 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:67202ec4-5777-4caa-a6f9-d75140bcb65drfcat_vk<p>Hi,</p> <p>are these devices for use internally only or are there external users?</p> <p>Further you do not appear to a have nat rule.</p> <p>Ian</p><div style="clear:both;"></div>