

NAT Question

Just a question here. I have a RED device in a small office (let's call it 192.168.10.0). That RED device is connected to an XGS firewall (firewall 1, 192.168.20.0), and this firewall has a VPN connection to firewall 2 (192.168.30.0). The VPN only passes traffic between the 192.168.20.0 and 192.168.30.0 networks. I wanted to allow one IP on the 192.168.10.0 network to talk to one IP on the .30 network. I tried to set up a NAT on firewall 1 to SNAT traffic from the .10 IP and replace the source with the .20 network internal interface. Nothing I did would make this work. Any ideas?

|RedDevice| ->>  xgs firewall 1  ->> VPN ->> xgs firewall 2
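The question above hinges on two things: the tunnel's traffic selectors (only 192.168.20.0/24 <-> 192.168.30.0/24 are carried) and whether the SNAT rewrite happens before the firewall decides a packet belongs in the tunnel. The following is an added example, not code from this thread or from Sophos, that models that decision so the two cases can be compared. The host addresses (192.168.10.50, 192.168.30.50) and the .20 interface address (192.168.20.1) are constructed placeholders, and the evaluation order is a labelled assumption; the thread does not say which order SFOS actually uses.

```python
"""Model of a policy-based site-to-site VPN plus one SNAT rule.

Added example for reasoning about the thread above; not Sophos code.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


# Constructed from the thread: the tunnel between firewall 1 and
# firewall 2 only carries 192.168.20.0/24 <-> 192.168.30.0/24.
VPN_SELECTORS = [
    (ipaddress.ip_network("192.168.20.0/24"),
     ipaddress.ip_network("192.168.30.0/24")),
]

# The SNAT rule the poster describes: one .10 host talking to one .30 host
# gets its source rewritten to firewall 1's internal .20 address.
# All three addresses are placeholders, not values from the thread.
SNAT_RULES = [
    {
        "match_src": ipaddress.ip_network("192.168.10.50/32"),
        "match_dst": ipaddress.ip_network("192.168.30.50/32"),
        "new_src": "192.168.20.1",
    },
]


def apply_snat(pkt: Packet) -> Packet:
    """Rewrite the source address if a SNAT rule matches; else unchanged."""
    src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    for rule in SNAT_RULES:
        if src in rule["match_src"] and dst in rule["match_dst"]:
            return Packet(rule["new_src"], pkt.dst)
    return pkt


def matches_vpn(pkt: Packet) -> bool:
    """True if the packet fits a selector pair in either direction
    (the reply from .30 back to .20 must match too)."""
    src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    return any(
        (src in local and dst in remote) or (src in remote and dst in local)
        for local, remote in VPN_SELECTORS
    )


def forward_decision(pkt: Packet, snat_before_vpn: bool = True):
    """Return (path, packet_as_forwarded).

    `snat_before_vpn` is an assumption about evaluation order: the
    poster's design only works if SNAT is applied before the firewall
    checks the packet against the tunnel selectors.
    """
    out = apply_snat(pkt) if snat_before_vpn else pkt
    return ("vpn", out) if matches_vpn(out) else ("no-vpn-route", out)


if __name__ == "__main__":
    p = Packet("192.168.10.50", "192.168.30.50")
    print("without SNAT:", forward_decision(p, snat_before_vpn=False))
    print("with SNAT:   ", forward_decision(p, snat_before_vpn=True))
    reply = Packet("192.168.30.50", "192.168.20.1")
    print("reply path:  ", forward_decision(reply))
```

Running it shows the untranslated .10 packet never fits the selectors, while the translated one (and the reply addressed to the .20 interface) does; whether the real firewall translates first is exactly the point the replies below probe.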



This thread was automatically locked due to age.
  • Hello Steve Klassen,

    Greetings!

    If your RED is set up with the Standard/Split method, it will not send the 192.168.30.0 traffic to Sophos XG1. You will have to add the network 192.168.30.0 to the RED accessible resources, and then the firewall rule and NAT rule that you created should work as you mentioned. Just make sure that the RED to VPN and VPN to RED rules are created.


    Mayur Makvana
    Technical Account Manager | Global Customer Experience


  • Our RED is in standard/unified mode, so all traffic from .10 should be delivered to the .20 firewall.

    The .10 network is part of the LAN zone on the .20 firewall.

    The .10 network and the .20 network can already communicate, so no firewall rules are needed. The .20 network and .30 network can also already communicate, so no firewall rules are needed.

