Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XGS DNAT/PAT Rule

Hello, 

I would like to create a DNAT and PAT rule for a customer.  However, this doesn't quite work the way I want it to. When saving, I always get the message ‘Original and translated services do not match’.

 

Normally I would also like to use port 22 for SSH directly. However, I don't think that will work because Sophos listens directly on port 22. Hence the PAT rule?!

Any solutions?



This thread was automatically locked due to age.
Parents
  • NAT will always be infront of any service. 

    So you can NAT 22 to another product, if you want. But be aware, that this will open SSH to the internet.

    Your error message is related to the fact, that services can be TCP and UDP or both. Check the Service of yours vs the SSH service. They have to match (UDP vs TCP). 

    __________________________________________________________________________________________________________________

Reply
  • NAT will always be infront of any service. 

    So you can NAT 22 to another product, if you want. But be aware, that this will open SSH to the internet.

    Your error message is related to the fact, that services can be TCP and UDP or both. Check the Service of yours vs the SSH service. They have to match (UDP vs TCP). 

    __________________________________________________________________________________________________________________

Children
No Data