
Port Forwarding Question - Plex or Emby

  • I believe I have everything right, but I cannot see traffic in the firewall logs and I cannot get remote access to either media server.

    NAT Rule : Port 2 is WAN, Port 1 is LAN, Synology is a local IP

Any Suggestions? I already called my ISP and they confirmed the port is open and my ISP modem has port forwarding enabled to my Sophos firewall.

ISP to Modem, Modem to Sophos WAN on 192.168.x.x, Sophos Lan to Network device on 10.x.x.x





Added TAGs
[edited by: Erick Jan at 4:16 AM (GMT -7) on 17 Jun 2024]
  • Hi,

    You will have a double NAT, which more than likely is confusing the issue. Do you really need your ISP in router mode? Why not use bridge mode?

    Ian

    XG115W - v20.0.1 MR-1 - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • I put my modem in bridge mode, and I think it's working, I will test a bit more and confirm.

    One question, I have worked with Watchguard firewalls for about 16 years as an MSP consultant and I'm just now switching over to Sophos. 

    During that time, I have run across many small (less than 500 users) clients who were not best practice and had double NATs and would not turn on bridge mode.

    Historically all I had to do on a WG firewall was port forward what I needed from the modem to the firewall, and everything was hunky dory if a bit nonstandard. I never once ran into an issue like this, so it threw me off and I didn't expect Sophos to just ignore the traffic it was receiving.

    I could see before bridge mode with Wireshark that the modem was sending the packets to Sophos but Sophos log viewer didn't show them, so they just disappeared.

    What is Sophos doing that WG does not that causes it to fail when using port forwarding? If all I did to fix it was turn on bridge mode, then shouldn't a port forward have worked unless Sophos is doing some form of validation and ignoring the traffic if it's double NATted?
