Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

domain based natting in sophos xg firewall

Hello, I only have one public IP address, but I have several domains, such as ui.mw.com, uat.mw.com, and demo.mw.com Similarly, I currently use port forwarding to visit various domains, such as uat.mw.com:7443 and demo.mw.com:6443. It's doing well, however because my routing is based on domains rather than ports, I must run all of my web servers in the 443 port. Using the Sophos XG Firewall, how do I route domain-based natting? 



This thread was automatically locked due to age.
Parents
  • That is no NATing at all, you will need to use the Web server protection feature to achieve that.
    That feature runs on port 80 or 443 and will forward the request based on the entered FQDN to the servers at the backend.

    In the firewall rule you have to select "Protect with web server protection" to get into the assistant that helps you configuring it. Some webservers will need a bit more configuration if something isn't working.

    Web server protection needs an own subscription. The only other thing you could do is position a reverse proxy like nginx on one server where 443 is NATed to and that then decides, which internal server will be contacted using the different FQDNs.

    Regards,

    Kevin

    Sophos CE/CA (XG, UTM, Central Endpoint)
    Gold Partner

  • ok sir will check and update 

Reply Children
  • WAF is the best option as kerbora already wrote.
    But DNAT (use the wizard) is also an option.
    You can send every port from one external IP to another internal server with port 443.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.