Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • +2 person also asked this people also asked this
  • Locked Locked
  • Replies 8 replies
  • Answers 3 answers
  • Subscribers 41 subscribers
  • Views 3526 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XGS 3100 LAN to LAN using NAT

sbay

Today we want to replace our old UTM with an XGS 3100 cluster. In advance, we had created rules manually. But we were only able to test it today.

We have a LAN port 1 (192.168.2.0/24) and a 2nd LAN on port 7 (192.168.201.0/24)
When I access 192.168.2.x from the network 192.168.2.x via SSH to a server in the network 192.168.201.x, I always get the IP of the gateway (192.168.201.1).
I don't have a NAT configured for it though.
The UTM also showed me the correct source IP.
Where and how can I get the XGS not to perform NAT between LAN interfaces?

The Sophos is configured as a gateway instance.
SFOS 20.0.0 GA-Build222 is installed as firmware.

We also noticed that none of our SNAT rules work over the IPSec tunnels. Even if we link a rule to a NAT rule.

Are we doing something wrong or is there something else that needs to be created?

Greeting
Sascha



This thread was automatically locked due to age.
Parents
  • 0

    Hi sbay

    Do Packet capture in case not working to narrow down the issue under MONITOR & ANALYZE || Diagnostics || Packet Capture.

    Check by creating a Test firewall rule from LAN to LAN click on Link NAT rule and select MASQ or the IP address you want to translate with Translated source (SNAT)

    RRegards

    "Sophos Partner: Networkkings Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

Reply
  • 0

    Hi sbay

    Do Packet capture in case not working to narrow down the issue under MONITOR & ANALYZE || Diagnostics || Packet Capture.

    Check by creating a Test firewall rule from LAN to LAN click on Link NAT rule and select MASQ or the IP address you want to translate with Translated source (SNAT)

    RRegards

    "Sophos Partner: Networkkings Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

Children
No Data
Unfiltered HTML