I have a server that hosts multiple dockers out to a website. I just installed my Sophos and configured a basic Lan > Wan rule with no web filtering at all. But when I go to the sites I get a 522 error. So I believe all I need to do is to get Sophos to allow Cloudflare to talk to my server? Or maybe it is an SSL issue?
Does anyone have some tips on what to check or try out?
It is primarily invalid traffic: "could not associate packet to any connection".
Actually, just noticed there is this policy test tool. Apparently it needs a rule set?
I think I found the issue, but I am not sure how to resolve it: my previous router was port forwarding 80 to 180 and 443 to 1443 to allow the webserver to communicate with the WAN. There are no direct port forwarding settings available on the Sophos, so I'm struggling with the process of how to configure this to work.
Hello Jonathan,
Thank you for contacting the Sophos Community.
Port forwarding is a synonym of DNAT; you can configure DNAT by following this doc link.
Regards,
I have resolved the forwarding issues; however, my current problem has to do with reliability. When testing with the policy test I can access my websites every time, but when I first try to connect to them I get ERR_CONNECTION_TIMED_OUT.
After I wait for 1-2 minutes and refresh it loads with no issue and is good for a while, then the issue reappears.
This issue has been partially solved. For anyone else having this issue I was using LetsEncrypt (Swag) Docker on Unraid to make some of my docker containers accessible through the web. (Tutorial from SpaceInvaderOne on YouTube).
On my old Asus router there were simple port forwarding options in the WAN configuration. Since Sophos is an actual firewall, you have to make some different changes to allow port 443 out using port 1443 (or whatever port your docker uses). Sophos has a video on NAT Enhancements; the relevant part is the PAT section. Following that, I was able to forward the port and have the webserver start working immediately.
https://www.youtube.com/watch?v=-ekWg2Lvo5M&t=1117s
Now the only problem I have is that the webserver cannot be accessed internally. Not really sure how to configure that portion.
Do you have a firewall rule allowing internal access between XG ports?
ian
XGS118 - v21.0.1 MR1
XG115 converted to software licence v21.0.1 MR-1
If a post solves your question please use the 'Verify Answer' button.
I have rules configured where I can reach the sites externally and internally; however, there is an issue where some of the sites return an "error connection timed out" when trying to connect from my internal network, but only some of the time. The real problem is that if I leave it alone for a while and then refresh, it loads without issue.