Moving from UTM to SFOS Want to remove NAT

Hi Folks,

I'm moving from UTM to SFOS. Getting it set up with the basics was all fine, but something I've been wanting to try for a while was to remove the masq rules, as Sophos is my back firewall in a back-to-back config. I ran into an issue, though, whereby I can't ping the front firewall; I keep getting "ICMP packets with invalid ICMP type/code".

I can set up and ping the WAN interface just fine, and this worked fine in UTM9 as well, even with its masq rules disabled, but not so in SFOS. I figure I've missed something obvious in the setup.

I found an example diagram which will work for the setup I want to try. Basically, I don't want NAT rules, and I can't ping from 10.40.0.10 to 172.16.0.40. I get that message above with an any any rule on the firewall. The source of the error is 172.16.0.40.

All the traffic for the internet works, it would seem, because it hits the default SNAT rule that was created. I don't want these rules; I'd like for the front firewall to be the only one doing NAT and the Sophos to just route between.

Any ideas on what I'm missing here?



Added TAGs
[edited by: Raphael Alganes at 7:35 AM (GMT -7) on 17 Sep 2024]