• Loopback Rule not working for DNAT Policy v17.5 16

    NM_1987
    NM_1987
    Loopback Firewall Rule is not working for CCTV Firewall rule id 3 & 4 Created for CCTV Application. It is working fine from WAN as expected however, when we tried to open same CCTV from LAN using Public IP, it's not working. This is new setup. Serial…
    • Answered
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • XG v18.05: MTA mode and alias IP addresses

    MarkThornton
    MarkThornton
    I will start by saying I am coming over from a UTM that I have loved going back to the Astaro days. Best part about the UTM is the help pages always seem to match what the options are in the actual product they are connected too. I haven't found that…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • NAT'ing an IP Range

    Jacob Holman
    Jacob Holman
    Hello All, I am creating a new network structure with as little impact as possible to the current production network. I have added a new vlan to my core and I am receiving traffic as it should, however, for the sake of not having to call all my partners…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • Unable import the configuration from the selected firewall - Sophos Central

    Michael Southgate
    Michael Southgate
    I am having the same issues as the some other people and I really am stuck as where to fix this. We a client who is on XG86w running on SFOS 18.05.MR05 and we cannot import the configuration into Sophos central. The error we keep getting is SecurityPolicy…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • Sophos XGS Bypass NAT

    lrbrown
    lrbrown
    Hi Sophos Community I have a Sophos XGS 3100 Firewall that is connected to our ISP and also to our switch which then connects to VMWare ESXi servers. We have local IP addresses for one of our VMWare servers and its VMs which is then NATted by Sophos…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • turn of natting on one of the wan links

    brucepott
    brucepott
    Hi, we have two WAN ports on an XG 135. One port is configured with a public IP address and connects directly to the service provider. Second port is configured with a private IP address ( 192.168.x.x ) and has as the gateway the router of the second…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • force smtp over specific wan link

    brucepott
    brucepott
    Hi, we have a XG135 with two WAN links. I would like to create a rule to direct all smtp traffic from our internal mail server to the outside via one of these links. All smtp traffic should be routed via that port. SO far I did not manage to solve…
    • Answered
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • 1:1 NAT for Site-to-Site Tunnel - how do I do it ?

    RanX
    RanX
    Hello to the community, I found some discussions on this topic but as none lead me to success so far, hopefully someone can help me with my topic. Scenario: Sophos XG (18.0.5 MR5) with several IPsec site-to-site tunnels Two of the remote networks (name…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • Failing over default gateway with OSPF

    Jeremy Parr
    Jeremy Parr
    We have a site we are deploying XGs at. They have two buildings on campus, with a private fiber link between them. Each building has it's own Internet connection. We'd like to deploy an XG at each site, and allow for ISP failover between them. Scenario…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • XGS 2100 Loopback NAT

    Robert Reid
    Robert Reid
    We are looking to deploy an HA pair of XGS2100 firewalls to our data centre. My issue is I cannot get a loopback NAT to work when I am starting the conversation from the same zone as the destination server is in. IF the loopback is to a different zone…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • IPSec S2S NAT problem

    Alie2n
    Alie2n
    Hi, I have the following setup: The ipsec policy between RGW and RZGW cannot be extended by the net 192.168.5.0/24 so I have to do a NAT (enabled in the vpn config screen). The main goal that both nets (192.168.0.0/24 and 192.168.5.0/24) can access…
    • Answered
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • Route from one IPSec VPN with NAT to another IPSec VPN without NAT

    Tim Kallmeyer
    Tim Kallmeyer
    Hello, since Friday weve changed from our Sonicwall NSA2650 to our new Sophos XGS2100. Everything works fine, expect one thing. Weve got 2 VPN Tunnels: Tunnel 1 (Sidebranch): Local Networks: 10.226.208.0/24, 10.226.211.0, 10.0.3.0/24 (Network…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • No traffic over IPSec S2S with NAT applied

    Dave Uzeel
    Dave Uzeel
    Hi all, i followed below guide for a S2S tunnel with NAT applied but only one 1 side. Sophos XG Firewall: How to apply NAT over a Site-to-Site IPsec VPN connection I cant seem to get this working properly. When i run packet capture and start…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • Connecting a Site to Site VPN when local subnets are the same

    Paul Peterson
    Paul Peterson
    We have two offices we need to connect. One is running a Sophos XG106w while the other is a Sophos XG105w. Unfortunately both are running the same network scheme 192.168.1.x, is it possible to do a site to site vpn and if so how is this accomplished with…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • WAN PPOE VLAN TAG - WONT ALLOW LAN TO ACCESS some HTTPS webpages on INTERNET

    Gerencia Tecnica Comercial
    Gerencia Tecnica Comercial
    Hi Sophos Community We have some issues on latest Sophos SFOS 18.0.5 MR-5-Build586 Our ISP give us a PPoE with a VLAN tag to access Internet and on another VLAN TAG a Private VPN VLAN XXXX Internet (((PPoE))) VLAN XXX VPN Static IP Address…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • 1:1 Nat possible with Sophos XG V18.5?

    seroal
    seroal
    Hi all, I want to create a 1:1 NAT Rule on SFOS. Is this possible? I want to set "translated destination" to a specific network with the same size (1:1 NAT) as the original destination network. Seems to be not possible with XG? I only see this…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • SG125 Home Lizenz / Anzahl Client Probleme

    NoName NoName2
    NoName NoName2
    Hallo zusammen, ich habe eine SG125 mit einer Home Lizenz aktiviert. Ich bin leider über die Anzahl der Clients gekommen, geringfügig :-) mit 40Clients. Was komsich ist das erst nach monaten das Problem auftaucht das Clients keine IP-Adressen…
    • over 3 years ago
    • UTM Firewall
    • German Forum
  • remote SSLVPN to IPSEC Site to Site

    homerjs
    homerjs
    hello i want to use remote sslvpn over a site to site tunnel. I have tried with these instructions Allow Remote Access SSL VPN Traffic Over an Existing IPsec Tunnel without Modifying the IPsec Tunnel in Sophos XG Firewall but i can't get access…
    • Answered
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • NAT IP addresses coming in the IPSec VPN to local IP addresses

    Matt Haynes
    Matt Haynes
    Hello, We switched my client over to a Sophos XG from an old Cisco Router. They have an IPSec tunnel to a Medical Network that hosts their Medical software/databases. The only thing I can't reproduce on the Sophos is below: ip nat inside source static…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • Sophos XG inline after Ubiquiti USG Pro

    George Kostopoulos
    George Kostopoulos
    Hi Everyone, First time posting so hoping I can get some clear direction on what to do based on others experience, I know theres two possible ways to skin this cat. We moved into a new office space, subleasing and along with that comes with a…
    • Answered
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • The NAT process appears to have a bug

    rfcat_vk
    rfcat_vk
    Hi folks, recently with the aid of Prism I was able to resolve the creation of a hairpin NAT. I was investigating the logviewer entries for some of the devices and found what I think are a couple issues? 1/. some entries have a src_tran_port with…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • XG IPSEC Site-to-Site Nat

    Maurilio Senra1
    Maurilio Senra1
    Hi I'm having a hard time trying to configure a VPN Site-to-Site with the head office. We have the same local network. There we have a Fortgate. We were able to sucessfully connect the VPN. From there is possible to ping and acess my network but, from…
    • Answered
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • [how to] create a port forwarding rule for a subdomain

    Hyugai
    Hyugai
    So i have this domain and i need to do port forwarding from https://sub1.mydomain.com.au to my app01server at port 20443. So i created an A record that points the https://sub1.mydomain.com.au to my static ip address 14.XXX.XX.XXX. and now i need…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • SSL VPN outbound IP from WAN from external locations

    Nelson Eli Gutierrez Prieto
    Nelson Eli Gutierrez Prieto
    Hi folks. Im a learning Technician in Sophos XG and i need help with this request. Acctually we have a Sophos XG FW 18.0.1 and we have a software provider where we access a particular software in one server. The service provider has allowed the traffic…
    • Answered
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • XG SSLVPN Clients are applied to SNAT, while they shouldn´t

    seroal
    seroal
    Hi there, I have a Sophos XG SSLVPN Dialin configured, which is working in general. When it comes to networking, we face an issue, that the clients are being SNATed, when accessing internal ressources (we monitor the source IP on the destination webserver…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
<>