We are changing ISPs and elected to not go with a Managed Router by the ISP.
Therefore the new IP address schemas they provided are as follows:
CR IP: 32.*.*.182/30
AR IP: 32.*.*.181/30
WAN IP: 32.*.*.180/30
Usable Range: 12.*.*.106 thru 12.*.*.110
Subnet Mask: 255.255.255.248
If we would've gone with a Managed Router, then we'd set up our XG WAN interface with the LAN details (12.X.X.X).
Instead, we have to set up routing between WAN (32.X.X.X) and LAN (12.X.X.X) first. I understand how to do this with a separate piece of hardware but not with the XG.
Internet <---> WAN (32.X.X.X) <---> LAN (12.X.X.X) <---> XG WAN (12.X.X.X) <---> XG LAN (192.168.X.X)
With that said, how do I configure the XG so that if a User (192.168.X.X) navigates to sophos.com, the network path routes to XG WAN (12.X.X.X) and then routes to WAN (32.X.X.X) and finally to sophos.com? If I were to do a public IP lookup, it should show (12.X.X.X), not (32.X.X.X).
Hopefully that makes sense.
Your help is appreciated!
Hey, thanks for reaching out to the Sophos community. You can configure Alias IPs on the WAN interface of the XG to add all IPs for the given pool and then use a NAT rule to configure source NAT and change the outbound IP. Just to confirm, do you need to configure both 32.x.x.x and 12.x.x.x IPs on the firewall, or will you configure 32.x.x.x on the router, 12.x.x.x on the XG, and want the public IP to be visible as 12.x.x.x?
Thanks for your quick response.
I attempted to add aliases to the WAN port and then modify the NAT rules, but it didn't work. I'll give it a shot again and post my config screenshots.
As for configuring the IPs on the router and XG, I'm attempting to configure both IPs (32.X.X.X and 12.X.X.X) on the XG. I don't want to add another physical router between the ISP Ethernet handoff and the XG. The XG config on how to make this work all on the OXG platform is what I'm not understanding.
Btw this is on XG v18.
Can you do it this way and test it? Add a NAT rule, with Source as your LAN network, and change the SNAT to the IP (12.x.x.x). Optionally you can select the outbound interface as the Port which has the 32.x.x.x IP address. Keep the NAT rule on top. You can also keep the IP of the test machine in LAN in the "Original Source" if you don't want to hamper the entire network. Snapshot for your reference,
HOLY SMOKES!!! That simple NAT rule did the trick!!! I was trying to complicate things by looking for a way to have the XG create Static Routes and Gateways instead of translating the IP Src using NAT.
I followed your screenshot precisely. For the physical WAN interface, I added the 32.X.X.X network details first and then added the 12.X.X.X networks (5 usable IPs) as aliases, just like you mentioned.
Good to hear that the solution worked for you. It's always recommended to use the allocated IP pool as Alias IPs and then use NAT rules to translate the required IP.
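A simplified model of the fix that worked in this thread, as an added example that is not from the original posts and is not Sophos code: a source-NAT rule scoped to one test host sits above a default masquerade rule, and each SNAT address is checked against the routed block and the WAN aliases. All addresses are constructed from documentation ranges (the thread masks the real ones), and top-to-bottom, first-match evaluation is assumed from the "keep the NAT rule on top" advice.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addresses from RFC 5737 documentation ranges; the thread masks the real ones.
WAN_IF = ipaddress.ip_interface("203.0.113.182/30")        # WAN port address on the /30 handoff
ROUTED_BLOCK = ipaddress.ip_network("198.51.100.104/29")   # mask 255.255.255.248
ALIASES = [ipaddress.ip_address(f"198.51.100.{n}") for n in range(106, 111)]  # WAN aliases
LAN = ipaddress.ip_network("192.168.1.0/24")

@dataclass
class NatRule:
    name: str
    source: ipaddress.IPv4Network            # "Original source" match
    snat: Optional[ipaddress.IPv4Address]    # None = masquerade to the WAN port address

def translate(rules, src):
    """Return (rule name, translated source) for the first rule that matches src."""
    src = ipaddress.ip_address(src)
    for rule in rules:                       # assumed: top to bottom, first match wins
        if src in rule.source:
            return rule.name, WAN_IF.ip if rule.snat is None else rule.snat
    return None, src                         # no rule matched: source left untranslated

def check_snat(rule):
    """List reasons the rule's SNAT address would not work as a public source address."""
    problems = []
    if rule.snat is None:
        return problems
    if rule.snat not in ROUTED_BLOCK:
        problems.append("outside the routed block")
    elif rule.snat in (ROUTED_BLOCK.network_address, ROUTED_BLOCK.broadcast_address):
        problems.append("network or broadcast address of the block")
    if rule.snat not in ALIASES:
        problems.append("not configured as an alias on the WAN port")
    return problems

default_masq = NatRule("default MASQ", LAN, None)
test_host = NatRule("SNAT test host", ipaddress.ip_network("192.168.1.50/32"), ALIASES[0])

if __name__ == "__main__":
    for order in ([test_host, default_masq], [default_masq, test_host]):
        print([r.name for r in order])
        for host in ("192.168.1.50", "192.168.1.77"):
            print("  ", host, "->", translate(order, host))
    print(check_snat(NatRule("typo", LAN, ipaddress.ip_address("198.51.100.111"))))
```

With the scoped rule on top, only the test host leaves with the alias address; with the order reversed, the masquerade rule shadows it and a public IP lookup would show the /30 address instead.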