I have a Sophos XG 18.5 VM deployment within a Proxmox virtual environment. LAN, WAN, and DMZ are, at this point, all talking and working as expected with the rules I've created. Sophos' ports are actually VMBRs within the VE: vmbr0 to LAN, vmbr1 to WAN, etc. vmbr1 is not set with a static IP; instead the modem router passes DHCP to the WAN port in Sophos over vmbr1. (Before anyone mentions PCI passthrough to the VM: it is not an option.)
However, I have a server on the DMZ for which I need to create a DNAT rule for external access. When I configure a DNAT rule with the wizard, it immediately drops all communication from internal (both LAN/DMZ) to WAN. The internal network continues operating like normal but cannot reach external addresses. I can still access my Sophos from outside, but all other devices are knocked offline.
I have a few guesses as to why the normal DNAT deployment would have issues with this setup, but they all go back to that original vmbr1 bridge. Could the DNAT rule or one of the auto-created loopback/reflexive rules be routing the internal network to the bridge and not letting it get outside the VE? I do not know. I've tried creating them all separately and/or turning them off one by one; no change in behavior.
Deleting the DNAT rule and the associated loopback/reflexive rules, then performing a reboot, restores the network to its current state of working as expected. I've done plenty of DNAT rules, even going back to the Business Application rules and manual NAT rule creation. I've never seen a simple DNAT do this, but I've also never messed with DNAT on a virtualized Sophos install either.
Any help is appreciated.