Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 33 replies
  • Answers 6 answers
  • Subscribers 40 subscribers
  • Views 5267 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

First time user looking to switch from another product due to it being sold and stripped

midnightSun

Sophos Firewall is NOT very intuitive so far. Nothing inbound works...but the default rules to let everything outbound does. So figured id ask the community.

I've reverted to the simplest test I can think of....Port forward ICMP from WAN to a LAN workstation..

First turned on ICMP on the WAN adapter to make sure it was listening from outside. It was so I turned ICMP off.

Second made sure the Firewall can reach the workstation using its LAN connection, it can 

Created the Rule,

WAN, Any,  to  LAN, workstation 172.16.16.17  with the predefined PING

.Nothing. System isn't logging it. Just nothing. Cant forward anything.

At this point I cant test the system because it doesn't even port forward. Lots of time wasted trying to figure out why this easy test is so hard.   Thanks  



This thread was automatically locked due to age.
Parents
  • 0

    #3  Translated service (PAT)

    So it seems PAT cant do TCP and UDP at the same time? I need to write 2 separate NAT rules, one for TCP and one for UDP?  Or am I missing something. Going to be tons of rules if this is the case. 

    echo "           __     __         __         __     __    _______               ";
echo ".--------.|__|.--|  |.-----.|__|.-----.|  |--.|  |_ |     __|.--.--..-----.";
echo "|        ||  ||  _  ||     ||  ||  _  ||     ||   _||__     ||  |  ||     |";
echo "|__|__|__||__||_____||__|__||__||___  ||__|__||____||_______||_____||__|__|";
echo "                                |_____|                                    ";

    ~~~ I miss Port 17. Remember using telnet to get the Quote of the Day? Maybe I'll set one up for all the port scanners.  ~~~ 

  • 0 in reply to midnightSun

    Original services containing Service Groups to PAT also doesn't work. Hummm 

    echo "           __     __         __         __     __    _______               ";
echo ".--------.|__|.--|  |.-----.|__|.-----.|  |--.|  |_ |     __|.--.--..-----.";
echo "|        ||  ||  _  ||     ||  ||  _  ||     ||   _||__     ||  |  ||     |";
echo "|__|__|__||__||_____||__|__||__||___  ||__|__||____||_______||_____||__|__|";
echo "                                |_____|                                    ";

    ~~~ I miss Port 17. Remember using telnet to get the Quote of the Day? Maybe I'll set one up for all the port scanners.  ~~~ 

  • 0 in reply to midnightSun

    Use one NAT per Service you want to NAT. I would not recommend to mix multiple services within one NAT especially due the overview nature. 

    So if you do not mix, it can be mapped. 
    What kind of service use TCP and UDP at the same time? Most services are actually TCP or UDP and not both anyway. 

    __________________________________________________________________________________________________________________

Reply
  • 0 in reply to midnightSun

    Use one NAT per Service you want to NAT. I would not recommend to mix multiple services within one NAT especially due the overview nature. 

    So if you do not mix, it can be mapped. 
    What kind of service use TCP and UDP at the same time? Most services are actually TCP or UDP and not both anyway. 

    __________________________________________________________________________________________________________________

Children
No Data
Unfiltered HTML