
Direct proxy and KB-000035921

Hello,

I've tried to follow this KB:

https://support.sophos.com/support/s/article/KB-000035921

I'm using SFVH (SFOS 18.0.4 MR-4) on a VM.

So I have Port1 and Port2 mainly.

First thing: Port2 is in zone WAN, and in this zone a gateway is mandatory (no mention of this in the KB).

I've moved it to zone none, because each time my static route was not appearing in console shell 'ip r'.

I've changed my default NAT to a new object which has my MyDummyIP IP, so now I can see the packets correctly source NATed and leaving the VM.

But no traffic is going back to the FW.

On my hypervisor, I've run a

 pktcap-uw --trace --uplink vmnic0 --ip MyDummyIP --dir 0

and I can see traffic (I also did a dir 1, and the same goes).

So I'm a little bit lost now.

Any idea?

Thanks



This thread was automatically locked due to age.
  • Hello Nicolas,

    Thank you for contacting the Sophos Community.

    The following notes are added in the KB:

    • Port-A (LAN Zone): Specify a LAN IP address which you wish to use as a proxy.
    • Port-B (WAN Zone): Assign a unique dummy IP address to the WAN port.
    • Note: Make sure Port B is not connected. It is used only for configuration and will not affect SF operation.

    I will pass your feedback to our KB team to enhance the KB information and provide more details in the configuration.

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
  • My fix works fine, but I no longer have a WAN zone. Maybe I should create a new dummy WAN zone to recreate one. All the traffic is logged as LAN 2 LAN currently, and rule creation is less easy :(
