I have just set up a DNAT rule on an XG running SFOS 18.0.4 MR-4. I created the rule using the Server Access Assistant. I can see traffic being allowed through on the firewall rule that was created, but I am unable to see the webserver that I have created the NAT for.
Not sure if there is something I'm missing.
NAT Rule:
Original Source: Any
SNAT: Original
Original Destination: Public IP (Added as an alias on the WAN interface)
DNAT: Webserver internal address
Original Services: HTTPS
PAT: Original
Firewall Rule:
Source Zone: Any
Source Network: Any
Destination Zone: LAN
Destination Network: Webserver internal IP
Services: HTTPS
Is there anything in this that is wrong?
Hello there,
Thank you for contacting the Sophos Community.
In the NAT Rule, is the Interface Matching Criteria (Inbound Interface) using the correct Port?
In the Firewall rule, try changing:
Source Zone = WAN
Destination Network = Port2 (or the Port of your Public IP)
Regards,
Hi,
So I have made the changes you suggested but still have the same issue.
Thanks
If you do a tcpdump on the interface that connects to the server you are trying to access, do you see packets going out towards the server?
# tcpdump -eni Port1 host 172.16.15.100 and port 443
(Substitute according to your setup.)