
Why does my XG115 rewrite source IPs?

Hi everyone,

In Luxembourg, for security reasons, it is mandatory to have two levels of firewall from different brands.

For one of our customers, we have installed an XG115 behind the already existing Fortigate 30E.

The problem is that the XG115 seems to rewrite source IPs even if NAT is disabled.

In the example below, the monitoring server (on the right) tries to contact the monitoring agent on port 10050 (Zabbix).

Looking at the logs on the XG115, we can clearly see the packets with their source IP (192.168.0.250) and the destination (10.255.255.210), which is the Zabbix agent.

But on the server where the monitoring agent is connected, the source IP has been replaced by the internal IP of the XG115.

The problem is that the monitoring agent rejects the packet because the source IP is not correct.

My rule is here.

We don't do NAT at all. I don't understand at all why the Sophos rewrites the source IP 192.168.0.250 to its own IP address.

Does someone have an idea?



This thread was automatically locked due to age.
  • FormerMember

    Hi

    Thank you for reaching out to Sophos Community.

    NAT ID 1 is the default SNAT rule, which performs source translation. You can create a NAT rule for the Zabbix agent.

    Here is a sample snapshot for reference.

  • Thank you so much, Yash!

    I was confused by the "linked NAT" logo next to the rule. I thought that, since there was nothing linked to my rule "Zabbix Monitoring", there was no NAT at all applying to the rule.

    But if I understand correctly: even if there is nothing linked to the firewall rule, it will apply the first NAT rule that matches the criteria?

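Worked model of the behaviour the answer and the follow-up question above describe: on SFOS the NAT table is evaluated top-down on its own, the first matching rule decides the source address, and a firewall rule with no linked NAT rule still gets whatever NAT rule matches. This is an added example, not Sophos code or a screenshot from the thread; the XG115 interface IPs (10.255.255.1, 192.168.0.2), the interface names and the rule contents are assumed, and the default SNAT rule is modelled as matching all traffic so that it reproduces what the poster saw (the real default rule's match criteria may be narrower).

```python
"""
Top-down, first-match SNAT table in the style of the NAT rule table on
Sophos Firewall (SFOS v18+), where NAT rules are evaluated on their own,
independently of whether any NAT rule is *linked* to the firewall rule
that allowed the traffic. Added example for this thread, not Sophos code;
all IPs, interface names and rule contents below are assumed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple, Union

ANY = "any"
Nets = Union[str, Tuple[str, ...]]


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int
    out_iface: str   # interface the firewall will forward the packet out of


@dataclass(frozen=True)
class SnatRule:
    name: str
    orig_src: Nets                                     # ANY or tuple of CIDRs
    orig_dst: Nets
    services: Union[str, Tuple[Tuple[str, int], ...]]  # ANY or (proto, port) pairs
    out_ifaces: Union[str, Tuple[str, ...]]
    translated_src: str   # "Original" = no SNAT, "MASQ" = egress interface IP, or a literal IP

    @staticmethod
    def _in_nets(addr: str, nets: Nets) -> bool:
        return nets == ANY or any(ip_address(addr) in ip_network(n) for n in nets)

    def matches(self, pkt: Packet) -> bool:
        return (self._in_nets(pkt.src, self.orig_src)
                and self._in_nets(pkt.dst, self.orig_dst)
                and (self.services == ANY or (pkt.proto, pkt.dport) in self.services)
                and (self.out_ifaces == ANY or pkt.out_iface in self.out_ifaces))


def apply_snat(rules: List[SnatRule], pkt: Packet,
               iface_ips: dict) -> Tuple[str, Optional[str]]:
    """Return (source IP after NAT, name of the rule that decided it).

    The table is walked top-down and the FIRST match wins; rules below it
    are never consulted, which is why rule order is part of the fix.
    """
    for rule in rules:
        if rule.matches(pkt):
            if rule.translated_src == "Original":
                return pkt.src, rule.name
            if rule.translated_src == "MASQ":
                return iface_ips[pkt.out_iface], rule.name
            return rule.translated_src, rule.name
    return pkt.src, None            # no rule matched: source untouched


# --- constructed scenario mirroring the thread (all values assumed) --------
IFACE_IPS = {"LAN": "10.255.255.1", "WAN": "192.168.0.2"}   # assumed XG115 addresses
ZABBIX_PKT = Packet("192.168.0.250", "10.255.255.210", "tcp", 10050, "LAN")

# Modelled as matching everything so it reproduces what the poster saw;
# the real default rule's criteria may be narrower.
DEFAULT_SNAT = SnatRule("NAT ID 1 (default SNAT)", ANY, ANY, ANY, ANY, "MASQ")

# Specific rule for the agent traffic with translated source = Original.
ZABBIX_NO_SNAT = SnatRule("Zabbix agent - keep original source",
                          ("192.168.0.250/32",), ("10.255.255.210/32",),
                          (("tcp", 10050),), ANY, "Original")

BROKEN_TABLE = [DEFAULT_SNAT]                 # what the poster had
FIXED_TABLE = [ZABBIX_NO_SNAT, DEFAULT_SNAT]  # specific rule above the default
WRONG_ORDER = [DEFAULT_SNAT, ZABBIX_NO_SNAT]  # same rules, wrong order: still masqueraded

if __name__ == "__main__":
    for label, table in (("broken", BROKEN_TABLE), ("fixed", FIXED_TABLE),
                         ("wrong order", WRONG_ORDER)):
        src, rule = apply_snat(table, ZABBIX_PKT, IFACE_IPS)
        print(f"{label:12s} agent sees source {src:15s} via rule {rule}")
```

The point to check on the real box is the same as in the model: the specific no-SNAT rule must sit above the default SNAT rule in the NAT table, and the "linked NAT" icon only tells you whether a NAT rule was created from the firewall rule, not whether NAT will be applied. The WRONG_ORDER table shows that adding the rule without moving it up leaves the agent seeing the firewall's address.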