I have this DNAT on my Sophos UTM 9.2 that I'm trying to replicate on my Sophos Firewall V21, but without success to date. I have been trying to obtain Professional Services via our new account manager but struggling to get a response, so reluctantly reverting to here.
For our UTM
In a browser's proxy settings we specify this address for the proxy server 192.168.255.254 port 3128.
192.168.255.254 is labelled NAT internal below, and in the action that IP gets changed to the UTM's IP address.
192.168.255.254 doesn't actually exist; we just refer to it in proxy settings.
The automatic firewall gets created as follows for the above
On the Sophos Firewall, the traffic is flowing from an AWS Transit Gateway to PORT B (WAN) via a VPC attachment of type "connect", so the source traffic on this link is considered VPN. Packets to 3128 are dropped unless I toggle "Web Proxy" on for the VPN under device access. I'd guess a lot of people would send the proxy-destined traffic to LAN port A, where the web proxy service is on already, but that's not possible in our setup.
Any pointers on the Rules / DNATs that would give me the same solution on the Sophos Firewall would be appreciated.
Added TAGs
[edited by: Raphael Alganes at 12:43 PM (GMT -8) on 7 Mar 2025]