
Why does my XG115 rewrite source IPs?

Hi everyone,

In Luxembourg, for security reasons, it is mandatory to have 2 levels of firewall from different brands.

For one of our customers, we have installed an XG115 behind the already existing Fortigate 30E.

The problem is that the XG115 seems to rewrite source IPs even if NAT is disabled.

In the example below, the monitoring server (on the right) tries to contact the monitoring agent on port 10050 (Zabbix).

Looking at the logs on the XG115, we can clearly see the packets with their source IP (192.168.0.250) and the destination (10.255.255.210), which is the Zabbix agent.

But on the server where the monitoring agent is connected, the source IP has been replaced by the internal IP of the XG115.

The problem is that the monitoring agent rejects the packet because the source IP is not correct.

My rule is here.

We don't do NAT at all. I don't understand at all why the Sophos rewrites the source IP 192.168.0.250 to its own IP address.

Does someone have an idea?



  • Do you have a default NAT rule? You could put the XG in bridge mode to overcome the issue.

    ian

    XGS118 - v21.0.1 MR1

    XG115 converted to software licence v21.0.1 MR-1


    • FormerMember (+1)

      Hi

      Thank you for reaching out to Sophos Community.

      NAT ID 1 is the default SNAT rule that performs source translation. You can create a NAT rule for the Zabbix agent.

      Here is a sample snapshot for reference.

      • Thank you so much Yash !

        I was confused by the "linked NAT" icon next to the rule. I thought that, since there was nothing linked to my rule "Zabbix Monitoring", there was no NAT at all applying to the rule.

        But if I understand correctly: even if there is nothing linked to the firewall rule, it will apply the first NAT rule that matches the criteria?

        • FormerMember (0), in reply to Thomas SIBILLE
          But if I understand correctly: even if there is nothing linked to the firewall rule, it will apply the first NAT rule that matches the criteria?

          That's correct. A linked NAT rule is used to enforce address translation for a specific firewall rule.
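To make the first-match behaviour discussed above concrete, here is an added Python model of a NAT table being consulted for a packet the firewall has already accepted. It is example code written for this page, not Sophos code, and it does not reproduce SFOS internals. The XG egress interface address 10.255.255.1, the rule names "Default SNAT IPv4", "Zabbix no-NAT" and "Zabbix linked", and the rule positions are constructed for the demonstration; only the monitoring server, agent address, port and firewall rule name come from the thread. The model covers four cases: only the default MASQ rule (source rewritten), a specific "keep original source" rule placed above it (source preserved), the same rule placed below it (never reached), and a linked NAT rule that only applies to packets accepted by the named firewall rule.

```python
"""Simplified first-match model of a firewall NAT table (added example,
not Sophos code). Constructed values: egress IP 10.255.255.1, rule names."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    fw_rule: str     # firewall rule that accepted the packet
    egress_ip: str   # IP of the interface the packet leaves on (MASQ target)


@dataclass(frozen=True)
class NatRule:
    rule_id: int
    name: str
    translated_src: str                   # "ORIGINAL", "MASQ" or a literal IP
    orig_src: str = "0.0.0.0/0"           # "Any"
    orig_dst: str = "0.0.0.0/0"           # "Any"
    dport: Optional[int] = None           # None = any service
    linked_fw_rule: Optional[str] = None  # linked NAT: only for this firewall rule

    def matches(self, pkt: Packet) -> bool:
        if self.linked_fw_rule is not None and self.linked_fw_rule != pkt.fw_rule:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return (ip_address(pkt.src) in ip_network(self.orig_src)
                and ip_address(pkt.dst) in ip_network(self.orig_dst))


def apply_snat(nat_table: List[NatRule], pkt: Packet) -> Tuple[str, Optional[NatRule]]:
    """Walk the table top to bottom; the first matching rule decides.
    Returns (source IP the destination will see, rule that decided or None)."""
    for rule in nat_table:
        if rule.matches(pkt):
            if rule.translated_src == "MASQ":
                return pkt.egress_ip, rule
            if rule.translated_src == "ORIGINAL":
                return pkt.src, rule
            return rule.translated_src, rule
    return pkt.src, None  # no rule matched: nothing is rewritten


# Traffic from the thread: monitoring server -> Zabbix agent, TCP 10050.
# The firewall rule name is from the thread; the egress IP is constructed.
ZABBIX = Packet(src="192.168.0.250", dst="10.255.255.210", dport=10050,
                fw_rule="Zabbix Monitoring", egress_ip="10.255.255.1")

# NAT ID 1: catch-all masquerade, as described in the answer above.
DEFAULT_SNAT = NatRule(1, "Default SNAT IPv4", translated_src="MASQ")

# A specific rule that keeps the original source for exactly this traffic.
KEEP_ORIGINAL = NatRule(2, "Zabbix no-NAT", translated_src="ORIGINAL",
                        orig_src="192.168.0.250/32",
                        orig_dst="10.255.255.210/32", dport=10050)


def source_with_default_table_only() -> str:
    # Only NAT ID 1 exists: it matches everything, so the agent sees the XG IP.
    return apply_snat([DEFAULT_SNAT], ZABBIX)[0]


def source_with_keep_rule_above_default() -> str:
    # The specific rule is hit first; the default never gets a chance.
    return apply_snat([KEEP_ORIGINAL, DEFAULT_SNAT], ZABBIX)[0]


def source_with_keep_rule_below_default() -> str:
    # Order matters: placed after the catch-all, the same rule is unreachable.
    return apply_snat([DEFAULT_SNAT, KEEP_ORIGINAL], ZABBIX)[0]


def source_with_linked_rule(fw_rule: str) -> str:
    # A linked rule matches only packets accepted by its firewall rule.
    linked = NatRule(3, "Zabbix linked", translated_src="ORIGINAL",
                     linked_fw_rule="Zabbix Monitoring")
    pkt = Packet(ZABBIX.src, ZABBIX.dst, ZABBIX.dport, fw_rule, ZABBIX.egress_ip)
    return apply_snat([linked, DEFAULT_SNAT], pkt)[0]


if __name__ == "__main__":
    print("default table only      :", source_with_default_table_only())
    print("keep rule above default :", source_with_keep_rule_above_default())
    print("keep rule below default :", source_with_keep_rule_below_default())
    print("linked, matching fw rule:", source_with_linked_rule("Zabbix Monitoring"))
    print("linked, other fw rule   :", source_with_linked_rule("Other rule"))
```

The practical check this models is the one Thomas did on the agent side: if the agent sees the firewall's interface address instead of 192.168.0.250, some NAT rule matched, whether or not the firewall rule shows a linked NAT. The fix is a rule that matches the traffic and keeps the original source, placed above the catch-all masquerade, or a NAT rule linked to the firewall rule.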