Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

making traffic bypass firewall NAT and go straight out to WAN

hi all,

so on our sophos FW i have set up two SD Wans as we have 2 Wans, one for our main network (wan1) and another for our guest network (wan2) as we wanted them separated so there using different public ip addresses

problem is i have a laptop going out wan2 but instead of going out wan2 and coming back in wan1 its just going straight there ie not even leaving the FW as i imagine the DNAT public address/dns is on the FW and thats why

is there a way for it to not touch the DNAT public address/dns and go straight out wan2 and back in wan1?

thanks,

rob



This thread was automatically locked due to age.
Parents
  • Just to make sure we're on the same page, you have two different public IP addresses on two different ports on your FW and you want to use SDWAN to route some of your traffic out one WAN port and some of your traffic out of the other WAN port? And behind your FW you have two different subnets and you want traffic between them to use be routed via a remote router and physically leave your FW on one port, then come back in on the other. But instead your FW -- seeing both subnets -- just routes directly between them. Is that correct?

    If so, can you explain why you want this to happen? There may be an approach that's not as complicated. Or did I get it wrong?

    It sounds like you might need to use static routing or perhaps set up a "hairpin NAT", which recent Sophos versions can do automatically.

Reply
  • Just to make sure we're on the same page, you have two different public IP addresses on two different ports on your FW and you want to use SDWAN to route some of your traffic out one WAN port and some of your traffic out of the other WAN port? And behind your FW you have two different subnets and you want traffic between them to use be routed via a remote router and physically leave your FW on one port, then come back in on the other. But instead your FW -- seeing both subnets -- just routes directly between them. Is that correct?

    If so, can you explain why you want this to happen? There may be an approach that's not as complicated. Or did I get it wrong?

    It sounds like you might need to use static routing or perhaps set up a "hairpin NAT", which recent Sophos versions can do automatically.

Children
  • yes exactly wayne, i have 2 lan subnets, one going out one wan ip and the other going out the other wan ip

    i want one of the lan subnets that goes out via wan2 to go out and come back in via wan1 to reach the dnat/public ip, instead of it not leaving the FW and going straight to the dnat/public ip