Access to webserver (VPS): http://vcTerminal.company.com:9595

Hi Fotit,

Thank you for reaching out to Sophos Community.

If you had tested out the Rule

Source: LAN - Destination ANY, Services HTTP/ Port, and it’s still not working.

Kindly check the log viewer(packet capture, TCPDump, Conntrack) as to what has happened to the traffic. 

Where it was dropped or blocked.

Check if it has gone out of your Firewall

Does it go out on the correct WAN interface etc

Or create an FW rule on the very top with a single IP for the source ( for security ) and allow all access (Destination, Services ) to ANY, then checked the traffic logs

Hi Erick, thanks for your help

Before to do the troubleshooting, can you tell me the correct rule for this traffic please. I want to make sure the rule is correct

VPS--> http://vcTerminal.company.com:9595

source zone:lan

destination zone: wan

networks source: Any

network destination: ??

services: ??

web policy: ??

Hi Fotit,

You may define the network destination/create to vcTerminal.company.com( IP address). You can check by pinging

services: 9595

Web Policy: Don't use one first for testing

Hi Fotit,

You may define the network destination/create to vcTerminal.company.com( IP address). You can check by pinging

services: 9595

Web Policy: Don't use one first for testing

ok Erick

I will test this and get back to you

Hi Fotit,

You may use these references.

• Create & Configure Firewall Rules
• Add a FW Rule

Hello Erick

!!!! i don't know why it's still not working

This is my rule:

source zone:lan

destination zone: wan

networks source: Any

network destination: IP address of server

Services: only Port-9595

Web policy: allow all

Is there any way to check this problem?

Hi Fotit,

You may check the packet by doing a Packet Capture.

Determine what is happening to the packets, whether it’s being blocked or dropped, whether is it going to the correct Port, have you put the FW policy on the very top, and so on.

You may check my first message to you for troubleshooting.

Hi,

maybe because it's http!?

But i took another FW on BO, then i created default FW rule ( any to any and services any)
there are only two port : port lan and port wan
but there is no resutls when using browser !!
I can ping the server from FW , and all it's good (allowed) with policy tester
how can i use packet capture?

Hi,

We can't determine unless we check what is happening to the Packet.

Kindly check this KB's and Techvid

Log Viewer

Log Viewer Enhancements

Review Monitor & Analyze - Sophos XG Firewall

Hi, 

for log viewer, the traffic is allowed, the packets are sending but there is no receive

But i just find the nat-rule-id is "0" !!?

There is generale NAT rule for all traffic from LAN Zone to WAN Zone, then obviously i haven't nat-rule-id n&***;0 !!

what does that mean?

Why this traffic from LAN Zone to WAN Zone is not nated?

Ah ok, may be i need to add port=9595 in original services on the general nat rule ! is it right ??

because the original service on nat rule is not "ANY", there are selected port !!

Good Erick !

The problem is resolved

It was a problem on the nat rule, i just add the port of VPS and now i can access to it 

Thanks you very very match!!

Hi Fotit,

That is great to hear.