
  • DNAT rule for Multiple Port and Protocol

    Hi, My customer requirement, he wants to use DNAT or web server protection for hosting IIS services. From the public network he wants to access a server using the Dydns with port no 8081 but if the user will try with HTTP (http://mydns.xxx.co:8081)…
  • Port Forward (DNAT) List of Ports to single host on 17.1.2

    Hi, I would like to port forward two non-adjacent ports to a single IP on the LAN. In previous firmware versions, it seems like there was a "Forward Type" dropdown box per KB article: https://community.sophos.com/kb/en-us/122976 . However with SFOS 17…
  • The differences between SNAT and DNAT

    Dear Wizards, I'm a newbie to Sophos XG Firewall, can I ask the differences between SNAT and DNAT? In which case which method should we use? For example: we have some Exchange mail servers, Web servers, ERP servers, SharedFile servers then we should…
  • DNAT does not work despite logged packets

    Hello, our Sophos UTM9 is having trouble with a DNAT rule... Port 8086 of an uplink interface is supposed to be forwarded to port 8086 on an internal server. The uplink interface is a PPPoE connection behind a ZyXel router/modem from Telekom…
  • DNAT NTP instead of NTP Server

    I created this Business Application Rule to DNAT internal NTP queries to XG-> external NTP server because XG is not an NTP Server (SG yes) But I still have at log: where XG is 192.168.157.70. why? 2018-08-03 14:41:21 Appliance…
  • XG Inbound DNAT Rule Working Fine But XG Blocking Server Outbound

    Hi all, We're fairly new to Sophos XG but we have our firewall rules set up and working so far. However, I have created a DNAT rule for secure LDAP which is working well and I can see the traffic being forwarded to the internal server. However, the…
  • Sophos XG v17 DNAT and Port Forward issue

    I have just migrated from the Sophos SG series and I'm trying to replicate some of the WAF rules/DNAT, but I am having an issue with forwarding to internal port from http/https. Basically I have a web server running on port 4477 internally. I am trying…
  • Sophos XG Interface Aliases Do Not Receive Traffic

    I have installed Sophos XG SFOS 17.0.5 MR-5 on a PC. I have set up several DNAT Business Rules for the WAN interface's default IP address. However, none of the DNAT rules for the interface's alias receive traffic. I have followed the information included…
  • NATing and Firewall Rules

    I recently switched from UTM to XG and I'm having trouble figuring this out. I understand how to create the DNAT rule. On UTM I had created the 1:1 NAT and then used regular firewall rules to control who could hit what ports. After adding a DNAT Business…
  • Explanation or guide on reflexive rule

    Hello Guys! I can not find any guide explaining exactly how the "reflexive rule" in the "Business Application Rule" works. If there is already a "lan to wan" or "dmz to wan" rule that authorizes all outgoing traffic to the Internet, what is the…
  • 2 subnets 1 network

    Problem, I currently am using a Sonic Wall TZ200 with a subnet of /23. I assigned ALL IP addresses manually to every machine/device and ALL switches or unmanaged. I am moving from the TZ200 to a XG210. My problem is I am running out of IP addresses on…
  • Experiences with v17 XG Setup Wizard

    I just received an XG125 and am configuring it in a lab environment. I hope to achieve the following high-level configuration. 1) Port 1 - LAN, call it LAN A, with 192.168.25.x address space. Use a firewall DHCP in lab but an external DHCP server in…
  • SG17, help with setting inbound port translation as a part of a DNAT?

    I'm not sure what I'm doing wrong or if this is a bug in SG17. I am trying to nat an inbound destination ip and port from the WAN address and WAN port to an internal server and a different port. eg. Before DNAT: src IP: ANY src tcp port: ANY…
  • No rule for Wan to Lan

    Hi, We are having a problem transferring calls from AU to PH but PH to AU can transfer calls. I tried to packet capture it and it is showing me "status=incoming" but "rule=0" for the source IP= (which is the VOIP server) to Dest IP= (our isp) Do I have to…
  • Is it possible to forward traffic to specific interface?

    Hi, We're creating a DNAT rule to forward the traffic from a public IP that is configured as an Alias in the Port8 of our XG firewall. All the traffic that enters the Port8 will be forwarded to Port7 that have the 172.16.16.1/24 IP. As you know…
  • 2x email server DNAT

    Hello, I have the following problem. I run 2x Exchange servers with different domains. For this I have set up 2x DNAT rules: DNAT Traffic selector: Any → SMTP → WAN [Domain1 (x.x.x.106)] (Address) Destination translation: Exchange1 →…
  • DNAT in the internal network

    Hello everyone, I am currently trying to make a Navision server reachable. Internal address: 192.168.100.178:8080/.../ On the web server I have redirected the Default Site to this URL. The service should be reachable via nav.Domain.de. …
  • Publishing internal web server app to internet without vpn

    Greetings. We have an internal web server running on the LAN. End users using click to run technology install the application on the user's PC. The program works alright for people on the LAN as well as through SSL VPN. Now I have had a request come through…
  • XG in MTA Mode with multiple WAN IPs

    Here's my issue. I'm running in MTA mode and have 3 ISPs with multiple WAN IPs on each. I'll use one for this example. My WAN Range is x.x.x.210 (interface IP) through x.x.x.214 (Alias) My MX record is pointing to .214 which is an alias. The MTA…
  • 3CX Port Forwarding Issue

    Hi Guys, We use a 3CX Phone system with a SIP Trunk. We are experiencing issues where calls make it through to the system maybe 3/5 times successfully then other times the call won't even make it to the 3CX server (No entries in call log) or the call…
  • Port forward to web server

    I have a website published on IIS as http on port 8888. I added it as Web Server and created business role add authentication method. I can access the website on new port 8887 from LAN, when I tried to access the website using Public IP from WAN didn…
  • Allowing RDP to internal server.

    Hi all, I want to allow RDP to a single server in our LAN zone but I'm not entirely sure if the rule I'm creating is ok or not. So I hope you guys can give me a hand with this. - Eth1 is our WAN interface. - When I have to use " Rewrite source…
  • Business Application Rule - must select an IP Range for Protected Server(s) / dnat ntp

    I'm having trouble setting an IP range for an internal DNAT rule to redirect NTP (UDP/123) traffic destined for the WAN to an internal server in LAN. A single IP entry works but I want the rule to catch <ANY> destination IP heading to the WAN interface…
  • External DNS Query Issue

    Hi, I have a cPanel Server with Bind Name Server behind the firewall with many hosting domains inside, websites, emails, ftp, etc. All services work correctly doing NAT with the required ports. The only problem is the DNS server (BIND). I do NAT of…
  • RE: Internal DNS issues

    We have a very big problem... I need to pass the DNS queries to my internal nameserver (ns2.ardanet-systems.com). I tried everything but I can't get this. The queries can't pass WAN... This is because I have behind the XG a Webhosting (cPanel & Nameserver…