
Sophos XGS DNAT/PAT Rule

Hello, 

I would like to create a DNAT and PAT rule for a customer. However, this doesn't quite work the way I want it to. When saving, I always get the message ‘Original and translated services do not match’.

 

Normally I would also like to use port 22 for SSH directly. However, I don't think that will work because Sophos listens directly on port 22. Hence the PAT rule?!

Any solutions?



Added TAGs
[edited by: Erick Jan at 10:28 AM (GMT -7) on 23 Sep 2024]
  • NAT will always be in front of any service.

    So you can NAT 22 to another product, if you want. But be aware that this will open SSH to the internet.

    Your error message is related to the fact that services can be TCP and UDP or both. Check the Service of yours vs the SSH service. They have to match (UDP vs TCP).
