After migration from v17.8 to v18 EAP 1, for each firewall rule where the source service is differnet but the outsource IP is the same, NAT rules are created for each firewall rule.

After migrating from v17.5 MR8 to v18 EAP1,

for each firewall rule, a new NAT is created. Since I like to have clean situation clean on XG, now I need to unlink all NAT rules from every single firewall rule and attack (in most cases) the same NAT rule (MASQ where the source ip is the primary WAN ip address and service is different).

If I have a different service from each firewall rule, I can use a single NAT where original service is any. I guess that the service port in firewall rule takes precedence, so does not make sense during the migration to have a lot of NAT rules.

Is that something in Sophos you are considering?

Thanks

Parents Reply
  • Thanks Stuart for your comment.

    Mine was an observation. In previous XG version, if people have 50 firewall rules, where for each firewall rule, what changes is just the service port number, the translation mechanism will not look for similarity, but 50 NAT rules will be created. I think you can rethink about the migration process. A single NAT where any any as source, and service can work in this situation.

Children
No Data