Resolved: Old grumpy admin's fault. NAT Counter not working as expected

I have a NAT rule as shown below

The rule works as expected but the NAT counter is not working using this configuration. If I change the source to ANY or explicitly as my workstation's IP, everything works as expected.

 

Related to https://community.sophos.com/products/xg-firewall/sfos-eap/sfos-v18-early-access-program/f/feedback-and-issues/115813/port-renaming-not-implemented-system-wide/417298#417298 .

Whats the point of having zones and port names if the firewall /NAT rules consider port1 as physical port1 on the firewall and not LAN or LAN zone.

 

Regards

Bill

Parents Reply
  • Can you show us the matching Log Viewer and the NAT Policy window? 

     

    Another point is, what do you want to archive with this Rule? You want to redirect DNS Traffic, going through XG against XG Interface - correct? 

    Tried this in my setup, and it works fine with the counter. 

    If i select the wrong host (for example #Port), it does not work, simply does not tick. But the Traffic does not get redirected. 

    The question is, which testing did you do? Tcpdump? Can you show us your dump? 

    __________________________________________________________________________________________________________________

Children
  • Like I said, XG is not my edge firewall so my edge firewall was catching some of my DNS queries and I thought it was XG. Sorry for not checking the logs.

    What I wanted to accomplish was to have XG reply to any DNS query in my LAN segment no matter what I choose for DNS server on the client. This is already possible with UTM and other firewalls obviously, but XG was not capable before v18. 

    Sorry again for not double checking the logs before submitting the report. Totally forgot about my edge firewall [:$]

  • Thanks for your Feedback.

    Could you rename your initial Thread name to "Resolved" or something like that? Or Change it to a Question instead Discussion. 

    __________________________________________________________________________________________________________________