Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

NAT Port Forwarding not working on XGS2300 (SFOS 20.0.1 MR-1-Build342)

My Sophos FW XGS2300 port forwording not working for a new port in the past 7days ago, the older port forwording still work normal. Please help me how to check and troubleshoot about this problem. My NAT and rule as pic below.

Many thanks for support.



This thread was automatically locked due to age.
Parents
  • Hello,

    Thank you for contacting Sophos Community!

    Thank you for sharing the snapshots. I could see that the DNAT and firewall rule created looks proper. The only thing I could notice is that you have defined the external source with the specific IP addresses. Could you confirm that the IP address from where you are accessing added to this list?

    Later, you may use the below command to identify whether the traffic being forwarded or dropped by the firewall from the firewall console:

    Console>tcpdump ' host IPaddress (specify the IP address from where you are accessing the server)

    console>drop ' host IPaddress

    Kindly run both the commands on firewall SSH console simultaneously and try accessing the server from outside.

    Mayur Makvana
    Technical Account Manager | Global Customer Experience

    Sophos Support Videos | Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question please use the 'Verify Answer' button.

Reply
  • Hello,

    Thank you for contacting Sophos Community!

    Thank you for sharing the snapshots. I could see that the DNAT and firewall rule created looks proper. The only thing I could notice is that you have defined the external source with the specific IP addresses. Could you confirm that the IP address from where you are accessing added to this list?

    Later, you may use the below command to identify whether the traffic being forwarded or dropped by the firewall from the firewall console:

    Console>tcpdump ' host IPaddress (specify the IP address from where you are accessing the server)

    console>drop ' host IPaddress

    Kindly run both the commands on firewall SSH console simultaneously and try accessing the server from outside.

    Mayur Makvana
    Technical Account Manager | Global Customer Experience

    Sophos Support Videos | Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question please use the 'Verify Answer' button.

Children