  • Network-NAT on S2S-SSLVPN

    Hi All, is it possible to configure a 1:1 NAT over an SSL site2site connection for overlapping networks? Configured networks aren't selectable within BusinessApplication rules. I can create/configure IP-Ranges and use them inside a BusinessApplication…
  • Internet with Single WAN to Multiple LAN Sophos XG

    Hello everybody. First, excuse my English, I'm French. So now, I need your help please because I'm lost. I'm a new user of Sophos XG. I'm a student and I work in an enterprise. The enterprise is equipped with an XG 115W appliance and a router…
  • NAT Telekom -> Sophos Portforwarding

    Hello everyone, I am slowly getting desperate setting up the Sophos SG105. I have already tried a lot, but unfortunately I am not getting a result. Here is my setup: WAN - Telekom Bintec VDSL router. (I can't remove it,…
  • VPN site to site issue

    Hello, I am working on connecting my two main company sites. But I'm starting to have no idea, I would like to get some help :) Site A with a Cyberoam CR35wiNG and site B with a Sophos XG125W. Both are behind a modem router, with port forwarding…
  • ipsec Sites with same subnet

    I'm trying to connect one head office to multiple branch offices, but some of them have the same subnet, like: head office 192.168.44.0/23, branch office 1 192.168.2.0/24, branch office 2 192.168.1.0/24, branch office 3 192.168.2.0/24. The set up of…
  • XG210 (SFOS 16.05.8 MR-8) Outgoing issue with Source NAT to Alias IPs

    Dear All, I am currently deploying an XG210. My ISP provides me with 2 sets of IPs, say 1.1.1.1/30 and 2.2.2.0/29. They gave me a default gateway of 1.1.1.2 and told me that I can use the WAN IP ranges from 2.2.2.1 - 2.2.2.7. I created a WAN interface…
  • How do I check traffic in a NAT Rule log?

    I currently have a printer with an IP address of 10.20.20.22 behind the firewall. We have a few external users who need to print to this device, so I have a NAT rule to send all printer requests from an external IP (i.e. 64.xxx.xxx.22) to the internal…
  • WAN Gateway IP on a different Subnet

    Multiple VPS and online server providers these days provide you with a gateway IP that is on a different subnet than the WAN IP. On pfSense, Forefront TMG and Untangle firewalls, I can add the gateway IP even when it's on a different Subnet, but on Sophos…
  • Two 1:1 NAT's on same interface w/ Alias?

    We need to NAT two external (to us) IPs to two different servers from the same interface. We got one to work without issue, but the second one is not working. For the first (10.36.109.84) we created a business rule to forward anything on PortA5 to 172…
  • Confirming/Monitoring NAT rules

    We are troubleshooting some strange TLS connection issues from multiple internal servers that are NAT'd to a DMZ address. Is there any way to show the translations in a live running log format, or even confirm them one-by-one that they are working? …
  • NaTed LAN not working in IPsec

    Hi, I have configured IPsec between my Sophos XG Home Edition and a FortiGate firewall at the far end. The IPsec tunnel is up and the other side can see my traffic with the original source address. But the far end network policy required my encryption domain to be…
  • 3CX Port Forwarding Issue

    Hi Guys, We use a 3CX Phone system with a SIP Trunk. We are experiencing issues where calls make it through to the system maybe 3/5 times successfully, then other times the call won't even make it to the 3CX server (no entries in call log) or the call…
  • Internal IP NAT for VPN user

    We are using SSL VPN and the DHCP pool it hands out is different from the internal LAN. One of our VPN users has the same subnet as our LAN and the server they need to RDP into has the same IP address as their computer. How could I go about natting…
  • Firewall policies not applying NAT to traffic

    I'm having some real issues on a Sophos XG210 getting traffic to be matched by a full firewall rule. I have several networks which are routed at L3 on an EX3300 switch. The switch passes the traffic up to the XG210 where it should then get evaluated…
  • Reverse NATing traffic kills NATed traffic inside IPSEC tunnel.

    Hi all, I've found a really disturbing bug when you use NATing before an IPSEC tunnel. The tunnel is UP between two XG 135 at the actual last release (SFOS 16.05.3 MR-3). I've to make a static bidirectional NATing for the remote site range. I can access…
  • if my theory is correct...

    I feel like laughing like Tom Hanks in the movie The Money Pit when his bathtub fell through the floor. [Tom Hanks - Laughing] Because of asymmetric routing, I had to enter a bypass-stateful rule for My LAN to My Datacenter's LAN, then My Datacenter's…
  • Asymmetric Routing Question

    So say you have asymmetric routing between Network-A and Network-B, so you are testing the XG in bridge mode between the networks, which are in the LAN zone. You configure the XG to bypass-state-firewall-config add source Network-A dest_ Network-B then…
  • External and Internal BGP is on my old firewall, does XG need to know about them?

    After studying the configuration on my SonicWall that I am switching out with an XG 310 some more, I have a question about BGP routing. Based on the information below, do I need to do any configuration to BGP routing on the XG? 2 Cisco routers are connected…
  • xg firewall home and nas or any devices on my network

    Hi everyone! So I'm testing XG Firewall on a virtual machine on my NAS. So I configured it this way: * my DSL modem (router, Freebox for those who know it) in 192.168.1.254 (no DHCP). DMZ: IP of the Sophos WAN port, 192.168.1.18 *…
  • NAT through IPSec VPN

    Hello, I'm looking to port forward between two sites through an IPSec VPN. We have two sites connected through an IPSEC VPN. WANa WANb ___|____ ___|____ | GW A | =======VPN ===== | GW B | ----------- ------------ | DMZ I've made the…
  • Install a sophos XG behind XG firewall

    Hi, We have an XG230 with 32 public IP addresses for multiple clients. Now we want to install another XG230 for a client and want to use a few public IP addresses from the same 32 IP pool. I know we can install an XG firewall behind an XG firewall with a single public…
  • NAT based on source port

    Hello, On my old UTM 9 I had a NAT rule: Source IP: Any; source port: 17478; protocol: udp; Destination Port: 1024-65535; Destination IP: Sophos WAN; Forward to: Internal Server on IP 192.168.x.9. It's a certain application which works.…
  • current activities for NAT rules

    I have set up multiple NAT rules under the XG Firewall with logging enabled. Is there a way to see current activities from those rules? Let's say I want to see which remote IP address is using a lot of bandwidth on an FTP transfer etc. Currently…
  • Need to do NAT Reflection in the new UI

    I have found this: https://community.sophos.com/products/xg-firewall/f/network-and-routing/73239/nat-reflection and this: https://community.sophos.com/products/xg-firewall/f/network-and-routing/73615/how-do-you-create-a-loopback-hairpin-nat-to-an…
  • DNAT - FIREWALL - BUSINESS APPLICATION RULE - ISSUE

    Hi, I'm new to XG but I've installed hundreds of Astaro (since V6) and Sophos UTM. These days I've started to work with XG and this is my question: is this normal? As you can see, with the same source IP, destination IP and port, sometimes the…