
DNAT Rule not Working

I need help.

I made a DNAT configuration on our Sophos XG 210 to be able to access some service on our network, but until now, when I try to check whether the port is open or not, it is still closed and the service does not work externally using the public IP.

Screenshot attached:



  • You have the DNAT service changed when you don't need to? (API_service)

    When creating a DNAT rule, should you leave the Translated Service as the original if it does not need to be changed? Sorry, I'm using the UTM and don't know the proper wording, but I am referring to the way the UTM NAT rules are created, where you don't change the service unless you have to because it could cause issues. Does it apply to the XG too, and could it be causing issues?

  • Port NAT from and to the same Service should not cause issues. And if the logviewer shows green, and you mouse over the port and take a look at the packets / bytes transferred, it is likely an application issue. 

    The logviewer entry, which shows blocked, is likely a "Connection Close" Packet, which the server sends to close the connection but the firewall already closed. 


  • Hi alan weir, thanks for your support.

    Did you switch the DNAT service when you didn't need it? (API service)
    A: I changed the port to 8000, as I suspected that port 6050 was being used by another service. By default, the API service we intend to publish runs on port 8000, so I decided to keep it on that port.

    When creating a DNAT rule, should you leave the Translated Service as the original if it doesn't need to be changed?
    A: Yes. I didn't change any settings.

    Does this apply to the XG as well and could it be causing problems?
    A: I believe so.
  • Hi, thanks LuCar Toni 


    NAT port to and from the same service should not cause any issues. And if the logviewer shows green and you hover over the port and watch the transferred packets/bytes, then it's probably an app issue.
    A: In logview, I should move the mouse closer and see if there is packet transfer, right?

    The logviewer entry, which shows blocked, is probably a "Connection Close" packet, which the server sends to close the connection, but the firewall has already been closed.
    A: I haven't started to do the application connection tests yet because I have been doing port tests with this app.

    portchecker.co/checking

  • Have you opened the original port on a firewall rule on the Firewall WAN IP?