  • Creating SNAT policies increases the count of firewall rules exponentially. Is there any way around this?

    Say I want to filter outbound traffic from LAN to WAN with a bunch of different rules for all hosts, and do a separate SNAT policy for a specific LAN IP address. I create a bunch of outbound rules for the whole network, so I'll have to create another…
  • 61 Internal devices, same internal port, external port +1 each time.

    I'm in the process of setting up NAT for 61 new devices that must be monitored externally. The INTERNAL port for most of these devices is 80, but the EXTERNAL port must be 1000, 1001, 1002, etc. until they can each be reached. I have an XG310 (SFOS 16…
  • Access from site A via VPN to a specific external IP address through the static IP of site B

    Hello everyone, I have been trying things here for ages; maybe one of you can give me a tip. What problem do I have? <Client> -> <SITE A> -> <IPSec-VPN> -> <SITE B> -> <STATIC EXTERNAL IP> -> <Backend> From site A I would need to go via the VPN…
  • VPN connection from WLAN into the LAN

    We have an XG firewall. We connect to the LAN with the SSL VPN client. That works so far. Now we have another port on the firewall on which the WLAN sits in a different subnet. The WLAN has no access to the LAN. To get from the…
  • Does XG site to site IPsec VPN support NAT traversal

    I don't see the option on the Sophos XG to enable NAT traversal on a site to site VPN using IPsec, where one side will be behind a router doing NAT. Is this enabled by default, or just not supported?
  • LAN hosts can't get outbound

    Working with a new Sophos XG setup and I'm almost certain this is a noobie mistake. My LAN interface cannot get outbound to the internet. I can ping my inside gateway and the outside IP of the Sophos, but no further. I have configured a rule to allow…
  • NAT rule ANY -> VM Kaspersky port 13292NAT

    Hello everyone, we use Kaspersky Security Center 10. Now our AD employees are to receive smartphones that have Kaspersky Endpoint Security installed and are connected to Security Center. So that this also works…
  • I need to set up a policy for my Xbox One, can anyone help me?

    I currently use the Cisco RV325 router, with the following settings subnet VLAN for Xbox One: My network topology Router Settings Cisco RV325 Server Settings XG Firewall This setting is not working, NAT strict appears
  • Track ATP event through Meraki NAT

    I have an XG reporting that there is an ATP event. The address it is giving me is for the source is our Meraki AP. I do not think the Meraki is infected but more likely one of the clients connecting to that AP is. The Meraki is Natting addresses, so…
  • 1:1 NAT whole subnet

    I'm trying to NAT the subnet 192.168.100.0/24 to 192.168.200.0/24 in a manner that 192.168.100.1 corresponds to 192.168.200.1, 192.168.100.2 to 192.168.200.2 and so on. That was easily configurable in UTM but I can't find a solution for the XG firewall. …
  • Network-NAT on S2S-SSLVPN

    Hi All, is it possible to configure a 1:1 NAT over an SSL site2site connection for overlapping networks? Configured networks aren't selectable within BusinessApplication rules. I can create/configure IP-Ranges and use them inside a BusinessApplication…
  • Internet with Single WAN to Multiple LAN Sophos XG

    Hello everybody. First, excuse me for my English, I'm French. So now, I need your help please because I'm lost. I'm a new user of Sophos XG. I'm a student and I work in an enterprise. The enterprise is equipped with an appliance XG 115W and a router…
  • NAT Telekom -> Sophos port forwarding

    Hello everyone, I am slowly getting desperate setting up the Sophos SG105. I have already tried a lot, but unfortunately I am not getting a result. Here is my setup: WAN - Telekom Bintec VDSL router. (I can't remove it,…
  • VPN site to site issue

    Hello, I am working on connecting my two main company sites. But I'm starting to have no idea, I would like to get some help :) Site A with a Cyberoam CR35wiNG and site B with a Sophos XG125W. Both are behind a modem router, with port forwarding…
  • IPsec sites with same subnet

    I'm trying to connect one head office to multiple branch offices but some of them have the same subnet, like head office 192.168.44.0/23, branch office 1 192.168.2.0/24, branch office 2 192.168.1.0/24, branch office 3 192.168.2.0/24. The set up of…
  • XG210 (SFOS 16.05.8 MR-8) Outgoing issue with Source NAT to Alias IPs

    Dear All, I am currently deploying an XG210. My ISP provides me with 2 sets of IPs, say 1.1.1.1/30 and 2.2.2.0/29. They gave me a default gateway of 1.1.1.2 and told me that I can use the WAN IP ranges from 2.2.2.1 - 2.2.2.7. I created a WAN interface…
  • How do I check traffic in a NAT Rule log?

    I currently have a printer with an IP address of 10.20.20.22 behind the firewall. We have a few external users who need to print to this device, so I have a NAT rule to send all printer requests from an external IP (i.e. 64.xxx.xxx.22) to the internal…
  • WAN Gateway IP on a different Subnet

    Multiple VPS and online server providers these days provide you with a gateway IP that is on a different subnet than the WAN IP. On pfSense, Forefront TMG and Untangle firewalls, I can add the gateway IP even when it's on a different Subnet, but on Sophos…
  • Two 1:1 NATs on same interface w/ Alias?

    We need to NAT two external (to us) IPs to two different servers from the same interface. We got one to work without issue, but the second one is not working. For the first (10.36.109.84) we created a business rule to forward anything on PortA5 to 172…
  • Confirming/Monitoring NAT rules

    We are troubleshooting some strange TLS connection issues from multiple internal servers that are NAT'd to a DMZ address. Is there any way to show the translations in a live running log format, or even confirm them one-by-one that they are working? …
  • NATed LAN not working in IPsec

    Hi, I have configured IPsec between my Sophos XG Home Edition and a FortiGate firewall at the far end. The IPsec tunnel is up and the other side can see my traffic with the original source address. But the far end network policy required my encryption domain to be…
  • 3CX Port Forwarding Issue

    Hi Guys, we use a 3CX phone system with a SIP trunk. We are experiencing issues where calls make it through to the system maybe 3/5 times successfully, then other times the call won't even make it to the 3CX server (no entries in call log) or the call…
  • Internal IP NAT for VPN user

    We are using SSL VPN and the DHCP pool it hands out is different from the internal LAN. One of our VPN users has the same subnet as our LAN and the server they need to RDP into has the same IP address as their computer. How could I go about natting…
  • Firewall policies not applying NAT to traffic

    I'm having some real issues on a Sophos XG210 getting traffic to be matched by a full firewall rule. I have several networks which are routed at L3 on an EX3300 switch. The switch passes the traffic up to the XG210 where it should then get evaluated…
  • Reverse NATing traffic kills NATed traffic inside IPSEC tunnel.

    Hi all, I've found a really disturbing bug when you use NATing before an IPSEC tunnel. The tunnel is UP between two XG 135 at the actual last release (SFOS 16.05.3 MR-3). I've to make a static bidirectional NATing for the remote site range. I can access…