Web filter Double NAT

Good Morning

I have the following double NAT scenario, and all websites are marked as uncategorized.

Public IP -> Router (10.0.0.2) -> External Sophos IP (10.0.0.1) -> LAN (internal Sophos IP (192.168.0.1), LAN range (192.168.0.0/24))

First, I need to know if this is correct:
Cloud Server URL: coc.wing.sophosxl.net & peakcoc.wing.sophosxl.net (Port 80,443,6060 & 6061)

Which second rule should I configure so that categorization requests reach the Sophos?

Currently I have this rule, which does not work.

Thank you



  • Diego,


    XG is able to reach the internet because the rules for it are already open. You do not need to create rules.
    I have the same installation as yours at home and you only need to create rules to allow traffic from the internal zone to the WAN zone (network/user rules).

  • Good morning,

    Users within the network browse perfectly.

    The problem is that the web categorization does not work.

    All websites appear as Uncategorized.

    The problem is that XG queries the categorization database, but the answer cannot be routed back to XG, and sites are marked as uncategorized.

    If I create a category by hand with a website, it does recognize it.

    How do I solve it?

    Regards

  • This is strange! Did you open all ports on your router? Is all traffic forwarded to your XG WAN IP address?

    Does the URL category lookup work under System > Diagnostics?

  • Good afternoon

    First of all thanks for your answers

    Currently the WAN IP of the XG is placed in the DMZ that the router lets me set.

    There is no rule, no port forwarding, and no port triggering.

    Should I create one?

    You said that you have the same configuration at home; can you tell me the router configuration?

    The router that I have has no bridge mode.

    Regards

  • Diego,

    On my network, the router at my home cannot be changed to bridge mode either. What I did on my router is forward all requests to the internal IP (XG WAN IP) and nothing else. On the other side, the router should allow all traffic from its LAN to WAN. All the traffic must be filtered by XG (so you have filters in place and logs as well).

    Nothing else. XG should be able to reach ports 443 and 80 and send URL categorization to Sophos websites. If it does not work, try a tcpdump on your XG interface for port 443 or 80 and see what is happening when you try to reach a website or use the URL lookup inside the XG UI.

  • Good morning,

    The XG WAN IP is in the DMZ; according to the router's configuration, it redirects all ports to that IP (10.0.0.1).

    XG is set to use Google's DNS servers (8.8.8.8, 8.8.4.4).

    Clients within the LAN (192.168.0.0/24) get their IP by DHCP (XG) with DNS pointed to 192.168.0.1 (internal XG IP).

    I do not understand why it does not work. Apparently I have everything configured properly.

    Is there any error in this configuration?

    All websites are marked as Uncategorized.

    Thank you

  • Diego,

    Can you post the output of this file when you try the URL lookup from the XG web interface?

    tail -f /var/tslog/tomcat.log | grep "url_to_test(for example www.google.co.uk)"
