I have a need to isolate from a business network and wondered what capabilities the Sophos XG (18.5.3) has. In that, I've built rules for the following:
Packet from 10.1.1.1 destined to a DMZ 192.168.1.1 address, NAT out to business site address which sits at 192.168.50.24 (original 10.1.1.1 src, 192.168.1.1 dest; translated 192.168.1.1 src, 192.168.50.24 dest). This is all working fine; however, I don't want the firewall to know on a local level that 192.168.50.24 sits on the network (i.e. I don't want to advertise this network or have it visible on the "LAN" side of the firewall; I want it isolated just to this location/DMZ interface).
In a router I'd do a policy-based route to point the resulting post-NAT packet out the DMZ interface. Can that be done here? Or - is there VRF functionality to where I can isolate the DMZ off in its own area?