Hi everyone,
In Luxembourg, for security reasons, it is mandatory to have 2 levels of firewall from different brands.
For one of our customers, we have installed a XG115 behind the already existing Fortigate 30E.
The problem is that the XG115 seems to rewrite source IPs even if NAT is disabled.
In the example below, the monitoring server (on the right) tries to contact the monitoring agent on the port 10050 (Zabbix)
Looking at the logs on the XG115, we can clearly see the packets with their source IP (192.168.0.250) and the destination (10.255.255.210) which is the Zabbix agent
But on the server where the monitoring agent is connected, the source IP has been replaced by the internal IP of the XG115
The problem is that the monotoring agent rejects the packet because the source IP is not correct
My rule is here.
We don't do NAT at all. I don't understand at all why the Sophos rewrites the source IP 192.168.0.250 to its own IP address.
Does someone have an idea?
This thread was automatically locked due to age.
