Hi all,
Creating a port forward or DNAT rule to the firewall IP.
Is it best to port forward to the LAN int IP or the WAN int IP?
Thanks,
Rob
Hello there,
Thank you for contacting the Sophos Community.
What is it that you’re trying to achieve?
Usually, you would use the DNAT rule to give access to a Server behind the XG not to a LAN interface of the XG.
For the Public IP address, in the DNAT rule, you’ll select the Port that has the # and the Public IP "#Port2 - 100.99.88.77" (Given Port2 is your WAN) then select the Service that you want to pass down to the Server behind the XG.
Regards,
emmosophos
I want to do a DNAT to the actual firewall itself, not a server behind it.
Hi,
You don't need a DNAT rule unless you are trying to specifically pass to an internal device. When you installed the XG there would have been a default NAT rule created, which is all you need.
Ian
XG115W - v20 GA - Home
XG on VM 8 - v20 GA
If a post solves your question please use the 'Verify Answer' button.
Hi,
You don't need to create a firewall rule or even a NAT rule to access the firewall from the WAN; you enable access in the Administration -> Device access tab. Though this method is not recommended because of attacks. If you require access to your XG from the WAN I recommend you use the free version of CM. The free version of CM holds 7 days of data and provides remote management of your XG.
Ian
Hi,
there probably is using ACL, but please remember that the traffic hits the firewall external interface before being passed to firewall rules.
Ian
Hi Sophos User1175,
Just adding to what rfcat_vk said,
Refer to the article below to know more information on 'local service ACL exception rule'
Hi,
A suggestion you might like to think about and maybe even experiment with.
You set up an incoming firewall rule with a DNAT.
The trick being to set a range incoming that the address and port translation point at the internal interface of the XG. So that way you don’t need to provide WAN access to the XG.
ian