Help with port forward rule for accessing application outside network

Question

We have an application running on a machine that has the ability to be connected through outside networks through port 47808. As I have had no luck I have made the rule as open as possible with no luck. The firewall rule has Source Zone and Source Network and Devices as Any and All the time for scheduled time. Destination is set to LAN with Destination networks being the public IP of the Sophos firewall and the internal IP of the computer with the application. Services are set to port 47808. 
 I also have a DNAT rule with original source as Any, Original Destination as the Sophos public IP and Original Service as https. Translated Source is MASQ, translated destination as the IP of the internal machine and Translated service as port 47808. 
 I tried playing around with creating a loopback and reflexive rule but do not believe I did this right. 
 Suffice it to say no matter what I do I cannot establish a connection to the application. Anyone know how or have any other suggestions?

dirkkotte · Answer

You should use the DNAT-Wizzard to create DNAT & matching firewall-rule. Enable logging within these rules and check with log-viewer. You may show us your NAT- & Firewal-rules.

Erick Jan · Answer

Hi George, 
 Thank you for reaching out to Sophos Community. 
 Have you tried to use any how-to videos, documentation, Sophos Assistant, or KBA to try to check the issue? 
 Kindly try to check the following concerning DNAT with Port Forward. 
 
 Configure a port forwarding rule 
 Create DNAT and firewall rules for internal servers 
 Add a DNAT rule with server access assistant 
 NAT Enhancement Techvids 
 Also, kindly do a packet capture/TCP dump/conntrack to check what has happened to the packet.

Help with port forward rule for accessing application outside network

Top Replies