• Sophos XG NAT for essential services.

    Alpha Beta
    Alpha Beta
    Hello all I want to create NAT + Access rules for DNS and NTP so any UDP 53 and UDP 123 traffic targetted for WAN gets redirected to internal servers. Can anyone suggest how that can be achieved? Thanks A
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Sophos XG allow internal serves to communicate using WAN IPs

    P M1
    P M1
    We have some internal servers on which we have configured NAT rules to expose them to internet via dedicated WAN IPs for each server. We are able to connect to the servers from WAN without any issues. But we are unable to connect from one server to…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • IPSec tunnel traffic being NAT'ed without NAT rule

    Joshua Drost
    Joshua Drost
    I cannot figure out why my virtual Sophos XG in Azure is NAT'ing traffic across my IPSec VPN tunnel. There is no NAT rule in place for this. In fact, there's only one NAT rule on the whole XG. But all traffic from my local network, going over the tunnel…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • XG135 - SFOS 19.0GA-317 ignored firewall/NAT rules and policies

    lu_ne
    lu_ne
    After updating from SFOS 18.5.3 MR-3-Build408 to SFOS 19.0.0 GA-Build317 I started getting complaints of services not working, they depend either on outbound firewall rules or inbound DNAT rules. The first failure to be reported was VoIP, oddly enough…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • IPSEC tunnel mode - is NAT Possible

    BeEf
    BeEf
    Hello, wondering whether a tunnel based IPSEC VPN works with NAT on one (initiating) side. What zone information needs to be provided on the Gateway host? Is it required that the two XFRM interfaces can ping each other? The configuration used…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • After changing the interface, the rule setting must be turned off and then turned on for normal operation

    hyun jin
    hyun jin
    The equipment that connects to the top or bottom of the firewall has changed. At this time, the snat or dnat policy set on the device is not applied. You have to turn off the policy and then turn it on for it to work properly. XG430 (SFOS 17.0…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • TWO gateway internet

    Fadi_Hamamdeh
    Fadi_Hamamdeh
    Dears, I Have firewall SOPOHS XG230. I have two gateway to internet. when do rule LAN to WAN and select nat rule MASQ to access intenet. I want change internet gateway for some LAN's IP, how i can do it? some LAN access intenet from GW1 …
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Sometimes NAT matters and sometimes it doesn't; I can't quite understand why I need it sometimes

    Anthony Bevelacqua
    Anthony Bevelacqua
    I am not sure if I always need NAT. Sometimes I do and sometimes I don't. My latest issue was two VLAN networks hanging off the LAN interface of the Sophos XG. I had the correct firewall rules in place but I couldn't get traffic to flow until I created…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • NAS External access

    feroz syed
    feroz syed
    I have a File server name Synology, it has option to share files to external users, i tired to share the files but remote users not able to access it, i have two Firewall in my Domain, one UTM version 9.711-5 another XG. On XG i just created DNAT…
    • over 2 years ago
    • UTM Firewall
    • Network Protection: Firewall, NAT, QoS, & IPS
  • Kommunikation von Extern nach Intern funktioniert nicht

    Sebastian Knaak
    Sebastian Knaak
    Hallo zusammen, ich habe eine Sophos XG Home auf einer Proxmox Umgebung virtualisiert. Vor der FW habe ich eine Fritzbox in der die FW als Exposed Host eingestellt ist. Das Problem ist, dass die Pakete nicht in das Netz kommen bzw. an die FW und nicht…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • PPPOE with Framed route

    Marco Camacho2
    Marco Camacho2
    Hi PPPOE is done on the XG and from ISP provides 10.222.250.5/32. We have a 213.150.X.X/29 from the ISP routed via 10.222.250.5. LAN has internet and DNAT works PAT works that's all good. How to register the sophos and add licenses because the…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Exchange Hybrid / Mail-Protection / NAT-Rule

    TJ Hooker
    TJ Hooker
    Dear, currently we use a single EX2016 on Premise. Incomming Mails are delivered to our UTM (SG330), which scans for Spam/Virus and then routes them to our EX-Server. Outgoing Mails are routed to an ext. Smarthost. Outlook Web Access is published…
    • over 2 years ago
    • UTM Firewall
    • General Discussion
  • IPSEC TUNNELS AND SNAT RULES

    neildonaldson
    neildonaldson
    hi with UTM we had site to site tunnels and SNAT rules on the sophos side i was able to create an snat rule with severanl networks and hosts from our side and say sned them all down the tunnel behind 1 ip address in the range defined in the tunnel…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • AWS HA (Active-Passive) deployment NAT

    neild1
    neild1
    I have deployed an Active-Passive XG Firewall setup in AWS following the proper guide and have full routing and sorted out the health check on the load balancer for incoming services. One issue I am having is the incoming traffic is being NAT'd to the…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • 2 ISP + 2 Network

    Chris Anthony1
    Chris Anthony1
    Hi All, newbie in Networking. Currently, we have this network setup We are planning to get an additional ISP exclusive for one of our departments. Is it possible to connect another modem(ISP) to our router and which configurations should I do to…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • IPSEC to IPSEC Tunnel - Subnetting NAT Problem/Question

    Patrick Merkel
    Patrick Merkel
    Hello Guys, i have a brain lag with following situation, I have a IPSEC to IPSEC (Site to Site) connection. The other side need to connect or need access to our local ip adress 192.168.100.253. But they cant use this local subnet, because…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Sophos XG: S2S IPSec (policy based) - NAT between tunnels

    Alie2n
    Alie2n
    Hi, I'm pretty sure that this question was already answered by someone, but I cannot find the answer in the forum or the knowledgbase. Please bear with me... To my question... I configured two policy based ipsec tunnels: Site C <10.3.0.0/24 = 192…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • IPSEC-S2S VPN-LAN requires MASQ in NAT

    Manish Chawda
    Manish Chawda
    Hi, I have a question as to why IPSEC - Site to Site VPN Rule (VPN-LAN) in NAT requires MASQ in Translated Source(SNAT) Kindly advise Manish
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • OpenVPN connection

    muems
    muems
    Hello, I am new to the forum and have a question directly to the experts here. We use a Sophos SG230 UTM 9. I would like to establish an external OpenVPN connection from my computer, which is behind the Sophos, to another network. Unfortunately the…
    • over 2 years ago
    • UTM Firewall
    • Network Protection: Firewall, NAT, QoS, & IPS
  • NAT and SD WAN

    RyanHosiassohn
    RyanHosiassohn
    Hey All, I was kinda wondering, I Sophos V17 you could select the NAT on the FW rule itself and that that's the route it would take But now in V18 its separated, If you have one link can you add NAT rules on its own with no SD WAN routing would…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • NAT or SD WAN Policy Routing

    nidz
    nidz
    HI, We have 3 ISP(ISP1, ISP2 and ISP3) connected to our firewall in our HQ. In our HQ we have at least 5 subnets. My question is can i let some subnet to utilize only ISP2 for internet, not just internet but fully utilize the link. The other link i…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Traffic getting Source Natted for directly connected interfaces

    Manu_Mathew
    Manu_Mathew
    Hello, I guess its basics, however cannot understand why traffic for directly connected interfaces are getting source natted by wan public ip. Set up is Sophos XG firewalls connected directly via HA DMZ interface and have assigned 10.238.238.0/30…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Translated Local Network over site to site vpn

    Grant McNicol
    Grant McNicol
    Hi, We have a head office site that connects to a 3rd party over a site to site vpn for a service that they offer. Their requirements are quite specific on the set up of the site to site vpn for subnets and translation. Details are: Office LAN…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Change Migrated NAT Rule

    DAENG
    DAENG
    Hello, I would like to change the Load Balling in my Firwall rule which has a migrated NAT rule. In the NAT rule I cant ch age anything. How can I chnage this? Thank you!
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Sophos SG 330 verliert unter Last Internet zugriff (BGP)

    Stefan D
    Stefan D
    Hallo Zusammen, ich hoffe ihr könnt mir bei einem Problem weiterhelfen. Ich habe das Problem das meine Sophos SG330 bei erhöhter Last (z.B. Speedtest via fast.com - kommt bis ~4,7Gbit) zum Teil die Verbindung ins Internet verliert - allerdings nicht…
    • over 2 years ago
    • UTM Firewall
    • German Forum
<>