NAT Port Forwarding not working on XGS2300 (SFOS 20.0.1 MR-1-Build342)

Hello,

Thank you for contacting Sophos Community!

Thank you for sharing the snapshots. I could see that the DNAT and firewall rule created looks proper. The only thing I could notice is that you have defined the external source with the specific IP addresses. Could you confirm that the IP address from where you are accessing added to this list?

Later, you may use the below command to identify whether the traffic being forwarded or dropped by the firewall from the firewall console:

Console>tcpdump ' host IPaddress (specify the IP address from where you are accessing the server)

console>drop ' host IPaddress

Kindly run both the commands on firewall SSH console simultaneously and try accessing the server from outside.

Hello,

Thank you for contacting Sophos Community!

Thank you for sharing the snapshots. I could see that the DNAT and firewall rule created looks proper. The only thing I could notice is that you have defined the external source with the specific IP addresses. Could you confirm that the IP address from where you are accessing added to this list?

Later, you may use the below command to identify whether the traffic being forwarded or dropped by the firewall from the firewall console:

Console>tcpdump ' host IPaddress (specify the IP address from where you are accessing the server)

console>drop ' host IPaddress

Kindly run both the commands on firewall SSH console simultaneously and try accessing the server from outside.

Dear Mr. Mayur Makvana.

Thank you for reply.

In this case, i use specify IP or any IP also don't access to port forwording.

I send pic that my capture when run two command.

Hello,

Kindly DM me with the access ID of the firewall.

Hello,

Thank you for sharing the details over the chat.

We identified that the rule ID was created with the destination network as server IP instead of the actual WAN interface. We made the change in the firewall rule. Later, we reviewed the DNAT rule wherein we could see that the outbound interface was set as WAN interface. We set it as ANY and saved the configuration.

Since we made the above change and we managed to access the server.

Hello, Mr Mayur Makvana.

Thank for your support.

I just had some new testing and i found a problem that when create new NAT Rule at the bottom it don't working, when i move it this rules to the top, it works and i move back to bottom, it's still working normally. 

Hello,

Thank you for the feedback. We do not have any such known issue. We need made sure that there is no other DNAT rule with the same port.

If your issue is reproducible, I suggest raising the support case to investigate it further.