Sophos XGS DNAT/PAT Rule

Hello,

I would like to create a DNAT and PAT rule for a customer. However, this doesn't quite work the way I want it to. When saving, I always get the message ‘Original and translated services do not match’.

Normally I would also like to use port 22 for SSH directly. However, I don't think that will work because Sophos listens directly on port 22. Hence the PAT rule?!

Any solutions?

Added TAGs
[edited by: Erick Jan at 10:28 AM (GMT -7) on 23 Sep 2024]

Top Replies

LuCar Toni 2 months ago +1 verified

NAT will always be infront of any service. So you can NAT 22 to another product, if you want. But be aware, that this will open SSH to the internet. Your error message is related to the fact, that…

Parents

0 LuCar Toni 2 months ago

NAT will always be infront of any service.

So you can NAT 22 to another product, if you want. But be aware, that this will open SSH to the internet.

Your error message is related to the fact, that services can be TCP and UDP or both. Check the Service of yours vs the SSH service. They have to match (UDP vs TCP).

__________________________________________________________________________________________________________________
Cancel
Vote Up +1 Vote Down

Sign in to reply

Reject Answer

Cancel

Reply

0 LuCar Toni 2 months ago

NAT will always be infront of any service.

So you can NAT 22 to another product, if you want. But be aware, that this will open SSH to the internet.

Your error message is related to the fact, that services can be TCP and UDP or both. Check the Service of yours vs the SSH service. They have to match (UDP vs TCP).

__________________________________________________________________________________________________________________
Cancel
Vote Up +1 Vote Down

Sign in to reply

Reject Answer

Cancel

Children

No Data