Say I want to filter outbound traffic from LAN to WAN with a bunch of different rules for all hosts, and do a separate SNAT policy for a specific LAN IP address. I create a bunch of outbound rules for the whole network, so I'll have to create another…
I'm in the process of setting up NAT for 61 new devices that must be monitored externally. The INTERNAL port for most of these devices is 80, but the EXTERNAL port must be 1000, 1001, 1002, etc. until they can each be reached. I have an XG310 (SFOS 16…
Hello everyone, I've been trying things out here for ages; maybe one of you can give me a tip. What problem do I have? <Client> -> <SITE A> -> <IPSec-VPN> -> <SITE B> -> <STATIC EXTERNAL IP> -> <Backend>
I would need to get from site A via the VPN…
We have an XG firewall. We connect to the LAN with the SSL VPN client. That works so far. Now we have another port on the firewall on which the WLAN sits in a different subnet. The WLAN has no access to the LAN. To get from the…
I don't see the option on the Sophos XG to enable NAT traversal on a site-to-site VPN using IPsec, where one side will be behind a router doing NAT.
Is this enabled by default, or just not supported?
Working with a new Sophos XG setup and I'm almost certain this is a noobie mistake. My LAN interface cannot get outbound to the internet. I can ping my inside gateway and the outside IP of the Sophos, but no further.
I have configured a rule to allow…
Hello everyone,
we use Kaspersky Security Center 10 here. Now our AD employees are to receive smartphones that have Kaspersky Endpoint Security installed and are connected to Security Center.
So that this also works…
I currently use the Cisco RV325 router, with the following settings for the Xbox One subnet VLAN:
My network topology
Router Settings Cisco RV325
Server Settings XG Firewall
This setting is not working, NAT strict appears
I have an XG reporting that there is an ATP event. The address it is giving me for the source is our Meraki AP. I do not think the Meraki is infected but more likely one of the clients connecting to that AP is.
The Meraki is NATting addresses, so…
I'm trying to NAT the subnet 192.168.100.0/24 to 192.168.200.0/24 in a manner that 192.168.100.1 corresponds to 192.168.200.1, 192.168.100.2 to 192.168.200.2 and so on. That was easily configurable in UTM but I can't find a solution for the XG firewall.
…
Hi All,
is it possible to configure a 1:1 NAT over an SSL site2site connection for overlapping networks?
Configured networks aren't selectable within BusinessApplication rules.
I can create/configure IP-Ranges and use them inside a BusinessApplication…
Hello Everybody.
First, excuse me for my English, I'm French.
So now, I need your help please because I'm lost.
I'm a new user of Sophos XG. I'm a student and I work in an enterprise.
The enterprise is equipped with an XG 115W appliance and a router…
Hello everyone,
I'm slowly despairing over setting up the Sophos SG105. I've already tried a lot, but unfortunately I'm not getting a result. Here is my setup:
WAN - Telekom Bintec VDSL router. (I can't remove it,…
Hello,
I am working on connecting my two main company sites.
But I'm starting to have no idea, I would like to get some help :)
Site A with a Cyberoam CR35wiNG and site B with a Sophos XG125W.
Both are behind a modem router, with port forwarding…
I'm trying to connect one head office to multiple branch offices but some of them have the same subnet, like
head office 192.168.44.0/23
branch office 1 192.168.2.0/24
branch office 2 192.168.1.0/24
branch office 3 192.168.2.0/24
The set up of…
Dear All,
I am currently deploying an XG210.
My ISP provides me with 2 sets of IPs say 1.1.1.1/30 and 2.2.2.0/29
They gave me a default gateway of 1.1.1.2 and told me that I can use the WAN IP ranges from 2.2.2.1 - 2.2.2.7
I created a WAN interface…
I currently have a printer with an IP address of 10.20.20.22 behind the firewall.
We have a few external users who need to print to this device, so I have a NAT rule to send all printer requests from an external IP (i.e. 64.xxx.xxx.22) to the internal…
Multiple VPS and online server providers these days provide you with a gateway IP that is on a different subnet than the WAN IP. On pfSense, Forefront TMG and Untangle firewalls, I can add the gateway IP even when it's on a different Subnet, but on Sophos…
We need to NAT two external (to us) IPs to two different servers from the same interface. We got one to work without issue, but the second one is not working.
For the first (10.36.109.84) we created a business rule to forward anything on PortA5 to 172…
We are troubleshooting some strange TLS connection issues from multiple internal servers that are NAT'd to a DMZ address. Is there any way to show the translations in a live running log format, or even confirm them one-by-one that they are working?
…
Hi,
I have configured IPsec between my Sophos XG home edition and a FortiGate firewall at the far end.
The IPsec tunnel is up and the other side can see my traffic with the original source address.
But the far end network policy required my encryption domain to be…
Hi Guys, We use a 3CX Phone system with a SIP Trunk.
We are experiencing issues where calls make it through to the system maybe 3/5 times successfully then other times the call won't even make it to the 3CX server (No entries in call log) or the call…
We are using SSL VPN and the DHCP pool it hands out is different from the internal LAN.
One of our VPN users has the same subnet as our LAN and the server they need to RDP into has the same IP address as their computer.
How could I go about natting…
I'm having some real issues on a Sophos XG210 getting traffic to be matched by a full firewall rule.
I have several networks which are routed at L3 on an EX3300 switch. The switch passes the traffic up to the XG210 where it should then get evaluated…
Hi all, I've found a really disturbing bug when you use NATing before an IPSEC tunnel. The tunnel is UP between two XG 135 at the actual last release (SFOS 16.05.3 MR-3). I've to make a static bidirectional NATing for the remote site range. I can access…