Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

  • Port Ranges and Port Lists on the same Business Application Rule?

    Is it possible to add Port Ranges and Port Lists to the same Non-HTTP Business Application Rule? I have an internal server that has 3 specific ports and 2 different port ranges that need to be forwarded. As it is right now, I cannot figure out how to…
  • Problem with port forward rules interfering with LAN->WAN masquerading

    If I create a Business Application Rule for ports 80 and 443 to an internal web server, and I have that policy rule above the generic Lan->Wan allow all rule then the outgoing web traffic from the web server is not masqueraded. All other machines on the…
  • Outgoing/Incoming traffic from Different LAN Subnet

    I have setup a different LAN subnet (192.168.2.0/24) for a guest wireless network and it connects back to my XG 230 on Port 3. So I have two wireless networks, one for just laptops, a private network (10.1.1.0/24) and one guest network. If i connect to…
  • Port Forwarding, why do some rules work and others not??

    Hi, I currently have a Watchguard XTM 22 series with no security bundles, just running in standard Firewall mode. Rules on that are dead easy to setup and just tend to just work. Now the reason for me trying out other software is because I could do…
  • How to set up access to/from azure db (cloud) to server on DMZ?

    Hi, I'm trying to get our brand new XG appliance to production, but I've encountered an issue which made me roll back to our former router/setup. one of our servers has application that uses an azuredb (cloud database). The application support team…
  • How do you create a loopback/hairpin NAT to an Interface IP?

    I am trying to publish multiple services to the Internet. It is working fine using business rules. But, I want to be able to add a loopback/hairpin NAT so that if someone inside the network uses the public IP to access the service they are redirected…
  • 1-to-1 NAT over *internal* networks (LAN-to-LAN or LAN-to-DMZ)

    I'm trying to create proper policies for establishing NAT from one address in a non-public zone to one in a different non-public zone. For instance NAT that maps a LAN IP to one in the DMZ, or from one LAN to another, e.g. map 192.168.1.5 to 192.168.2…
  • NAT Reflection

    I'm trying to configure NAT reflection in the XG. Is there a guide somewhere for that feature? (Essentially, I need to have an outside IP forward back inside the network) Thanks!
  • How do I create a 1-to-1 NAT wan>LAN?

    I can't, for the life of me, figure out something that is ultra simple on every other dang firewall/UTM I have worked with. There is not a place that I can find to create a 1-to-1 NAT. The purpose is video conferencing connections between our various…
  • WAN to LAN Inbound NAT - How To?

    I just recently installed the Sophos XG platform, coming from a UTM 9 firewall. Question is, how do I create an inbound NAT to forward HTTPS (tcp 443) to an internal web server? I've played around with the policy settings and cannot seem to figure out…