Network Support Please Xg 135

Hello everyone, I need assistance in configuring the internet connection with a real IP entering through WAN on port 1 and going out as a real IP on port 2, while distributing it as a local IP. Please help me with this.



  • Hi,

    Your description does not make much sense. Please expand your requirement.

    Ian

    XG115W - v20.0.3 MR-3 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • I want the WAN cable that enters as a real IP to exit as a real IP and as a local network.

  • I assume that you may need to create a DNAT rule so the public IP will translate to an internal IP that your server gets. This together with an outbound (SNAT) rule so the outgoing traffic for your server uses the same public IP as the traffic arriving from the internet.

    There are not a lot of reasons to actually have a public IP-address physically on the NIC of a server behind your firewall. 


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • I don't really understand, can you help me on this issue by connecting remotely?

  • What is the size of the WAN IP address range?

    Ian


  • I will be glad to help you from this forum. However I do not give remote support by connecting to your firewall.

    On your WAN-interface, you can add an alias for the desired public IP-address (if it is not already the address that is set-up on the interface itself). Of course this alias should be inside the /27 network range.

    Then in Hosts and services create an IP-host for your internal server using an internal IP-address for the subnet where the server is connected.

    Next go to Rules and Policies and choose the "server access assistant (DNAT)" by clicking on the down arrow on the button Add firewall rule.

    1. Select the host object you just created for the local server and continue to the next step.
    2. Select either the alias or the public IP on the WAN port (quick search by entering #Port2; most often Port2 is used as WAN interface, but it could be a different port in your installation).
    3. Next select the services (which port(s) should be accessible from the outside). Several pre-defined services are already included, but if the port you need is not included you should first add it under Hosts and services -> Services.
    4. Select the source networks that are allowed to access your server (it will likely be "any" if you would like to open the port for everyone from the internet).
    5. You will now get an overview of all settings that are going to be created. All NAT-rules will automatically be created so your server is accessible from the desired IP and traffic from the server to the internet will use the same IP. Even a loopback NAT rule will be generated for internal clients so they can also reach the server on its public IP.

    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.
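
A small Python model of the rule set the post above says the assistant creates (DNAT to the server, outbound SNAT on the same public IP, loopback for internal clients), plus the check that the alias sits inside the /27. This is an added illustration, not code from the thread or from Sophos; all addresses are constructed documentation values, and the source rewrite in the loopback case is an assumption of this model.

```python
import ipaddress

# Constructed sample values (documentation ranges), not taken from the thread.
WAN_NET = ipaddress.ip_network("203.0.113.0/27")   # provider-assigned /27
ALIAS = ipaddress.ip_address("203.0.113.10")       # alias added on the WAN port
SERVER = ipaddress.ip_address("192.168.10.20")     # IP host for the internal server
LAN_NET = ipaddress.ip_network("192.168.10.0/24")
LAN_GW = ipaddress.ip_address("192.168.10.1")      # firewall's LAN address
SERVICES = {("tcp", 443)}                          # services opened in step 3
ALLOWED_SRC = [ipaddress.ip_network("0.0.0.0/0")]  # step 4: "any"


def alias_is_usable(alias, net=WAN_NET):
    """The alias must be a host address inside the routed WAN range."""
    alias = ipaddress.ip_address(alias)
    return alias in net and alias not in (net.network_address,
                                          net.broadcast_address)


def translate(src, dst, proto, port):
    """Return (rule, new_src, new_dst), or None when no rule matches."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if dst == ALIAS:
        if (proto, port) not in SERVICES:
            return None  # only the selected services are forwarded
        if src in LAN_NET:
            # Loopback: source is also rewritten (assumed masquerade) so the
            # server's reply returns through the firewall.
            return ("loopback", LAN_GW, SERVER)
        if any(src in n for n in ALLOWED_SRC):
            return ("dnat", src, SERVER)
        return None
    if src == SERVER and dst not in LAN_NET:
        # Outbound SNAT: the server leaves with the public IP it is reached on.
        return ("snat", ALIAS, dst)
    return None


if __name__ == "__main__":
    print(alias_is_usable(ALIAS))
    for pkt in [("198.51.100.7", "203.0.113.10", "tcp", 443),
                ("198.51.100.7", "203.0.113.10", "tcp", 22),
                ("192.168.10.50", "203.0.113.10", "tcp", 443),
                ("192.168.10.20", "198.51.100.7", "tcp", 443)]:
        print(pkt, "->", translate(*pkt))
```

With the source set to "any" in step 4, every internet host matches the DNAT rule for the selected services; narrowing `ALLOWED_SRC` in the model shows which senders would then be dropped.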
