• Can't ping after DNAT

    Miguel Monteiro
    Miguel Monteiro
    Hello! I got IPSec Tunel between this two networks: 192.168.5.0 192.168.38.0 On this network ( 192.168.5.0 ) i got 3 Servers one of them is 192.168.5.2 and i can ping everything between this networks. If i create DNAT of this server…
    • Answered
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Help with port forward rule for accessing application outside network

    George Burnite
    George Burnite
    We have an application running on a machine that has the ability to be connected through outside networks through port 47808. As I have had no luck I have made the rule as open as possible with no luck. The firewall rule has Source Zone and Source Network…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • How to point my web server domain in sophos firewall?

    Ling Zhong Li
    Ling Zhong Li
    I have using third party DNS provided to point my web server domain to specify public IP. Currently, all setting is in Peplink and i want to remove it. When remove Peplink and direct plug my internet line to sophos, I cannot access my web server from…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Could not perform DNAT on more than 255 IP Addresses

    Rajesh Reddy
    Rajesh Reddy
    I am trying to translate destination addresses from 192.168.0.0/16 network to 172.16.0.0/16 network with one-to-one natting. I am getting an error saying "Protected application server on IPV4 cannot be bound with non-HTTP-based policy with IP range more…
    • Answered
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Sophos XG, Mail Protection, multiple external IP addresses and DNAT. Mail Protection listens on all WAN IPs we need it only on 1.

    wolfman1
    wolfman1
    Dear Sophos Community, we are facing the following situation: - 2 WAN IP addresses - 2 Interfaces each holding one of those IPs - we need one WAN IP address on the Mail Protection feature (incoming mail from the Internet) - we need the 2. WAN…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Connections von extern über Heartbeat prüfen

    B-Team
    B-Team
    Hallo, Wir haben aktuell die Überlegungen Connections von extern in der Firewall zusätzlich mit Heartbeat zu prüfen und Clientszugriffe ohne Heatbeat zu sperren. Hier haben wir festgestellt, dass das zu unstabilen Verbindungen führt. Ist diese…
    • over 1 year ago
    • Sophos Firewall
    • German Forum
  • XGS2100 Plex PFW

    Sophos User6061
    Sophos User6061
    Hi There, Recently switched over from a Draytek that had very basic PFW functionality and I've managed to get everything else working for my internal VOIP phone, but unable to get my plex port forwarding to work. For context, I use unraid to host…
    • Answered
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Problem with Port Publishing when using different ports

    GernotMeyer
    GernotMeyer
    Hi all, XGS 19.5.2: I did that a couple of times: I have a Problem with Port Publishing when using different ports (externally 2100, internally forwarded to 22). I define an access rule from WAN to LAN on Port 2100. OK. I define a D-NAT rule…
    • Answered
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • ipsec site-to-site vpn problem with dnat servers

    Kevin Stepper
    Kevin Stepper
    Hi, we have an XG135 in the headoffice and an XG87 in the branch office. in the headoffice we have two servers ( mail and something else ) that need to be reachable from the outside and we used the Server Accesss Assistant to create the correpsonding…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • IPSEC Sophos XG 18.5 (Nat configuration from tunnel)

    Boune
    Boune
    Hello, I got a IPSEC VPN from my sophos xg to remote firewall. Many subnet from my side are nated dynamiclaly with 172.30.10.0/24 to reach different subnet on the other side. Like (192.168.1.0/24 , 192.168.2.0/24 ...are nated with 172.30.10.0/24…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • CANNOT ACCESS PUBLIC SERVER(ON DMZ) FROM WAN

    TimothyWanume
    TimothyWanume
    Hello Am new to Sophos and I have tried to do some configurations but am not successful yet I have a server that I have connected to DMZ(SERVER uses a public IP) WAN is Public IP the challenge is that i cant ping the Server from WAN yet i can…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • FCM notifications are not working

    Yusuf HOBBI
    Yusuf HOBBI
    Greetings, we are hosting an internal web app and it requires google FCM services to be opened and working. i have created a DMZ DNAT rule for mentioned FCM ports, but still i am not able to get those notification messages delivered through sophos XG…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • ssl certificate ; this website is unsecure

    support support18
    support support18
    I HAVE A WEBSITE ON MY LOCAL SERVER 172.16.1.1 port 80 , and it's working when i try to access it from the internet but only with http ; when i choose https 443 it shows an eeror msg 'this webisite is unsecure click on link to proceed " ; so i brought…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Assign DDNS to host behind firewall

    Ghaith
    Ghaith
    Hello everyone, how do I publish an host or service behind XG thought DDNS? In my case, I have 4 Dyn hostnames and I need to assign a service for each of them and publish them though XG using DYNDNS NATed IP each service has different port, ISP…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • DNAT rule to publish FQDN?

    Jeff Vandervoort
    Jeff Vandervoort
    I'm migrating to an XGS136 (SFOS 19.5.1 MR-1-Build278). The old firewall published LDAPS on 2 DCs to a specific WAN server that needs to do LDAPS lookups for AD integration. The destination device was set to an FQDN object corresponding to the internal…
    • Answered
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Two XG 19.5 IPSEC S2S connected, DNAT from WAN head office to a remote server in branch office.

    Damiano
    Damiano
    I have this situation: HEAD OFFICE: IP: 192.168.75.0/24 BRANCH OFFICE IP: 192.168.82.0/24 Host: 192.168.82.64 I established a S2S between the two firewalls but I need to publish from te WAN head office a service on a remote host in branch…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • New to Sophos XG - Issue with sepaerate wireguard server

    John Tankard
    John Tankard
    Hi All, I am new to Sophos XG coming from pfsense and have to say I will be staying, great NGFW. I have a slight issue though, one which I am sure is simple to solve. I have used the server access assistant (DNAT) to create a port forward rule from…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • do i need to change my DNAT inbound interface to correct ISP

    Sophos User1175
    Sophos User1175
    hi all, got a DNAT like below, blanked the fields out due to privacy do i need to change my inbound interface and outbound interface to the correct ISP as i have two ISPs, so it could be going out wrong ISP, or will it pick the right ISP to go out…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • DNAT Rule not Working

    Chaydo Nazario
    Chaydo Nazario
    I need a help. I made a DNAT configuration on our sophos XG 210, to able to access some service on our network but until now, when i try to check if the port is open or not, still closed and service not work externally, using public ip. screenshot…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Minecraft Server Authentication Servers are Down

    Caleb Sjostedt
    Caleb Sjostedt
    Hi all, I've been having an issue with my Minecraft server I host since switching over to Sophos. The Minecraft server functions normally with DNAT and the server is accessible from outside, except for this error below. Here are my FW/NAT rules…
    • Answered
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Enquiry - Github Webhook

    Leslie Fleming
    Leslie Fleming
    Good Afternoon, I need some advice on how to best setup my firewall for Github Webhook forwarding to a Jenkins web-server. - My Sophos: SFVH (SFOS 19.5.1 MR-1-Build278) I have tested the following request successfully, in triggering a jenkins…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • inconveniente al publicar la pagina web (iterna y externamente)

    Yenni Liliana Rodriguez Pérez
    Yenni Liliana Rodriguez Pérez
    al crear la regla con el redireccionamiento hacia el puerto de la pagina este no lo realiza correctamente, aparece un error Bad Request Your browser sent a request that this server could not understand. Reason: You're speaking plain HTTP to an SSL…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Port forwarding

    Chris Mottershead
    Chris Mottershead
    I need to setup port forwarding to send traffic going to my wan interface on port 444 to an internal server on prt 443, i hav etried every ttorial i can fid on the internet and nothing seems to work. can anyone suggest a tutorial that works and is…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Port-Weiterleitung nach aussen (Internet) möglich

    Gerald Gleissner1
    Gerald Gleissner1
    Hallo, die Sophos UTM konnte Zeitserver spielen, die XGS ja nicht, deshalb die Frage. Kann ich eine Portweiterleitung einrichten von allen Ports (außer WAN) Port 123 zu einem im Internet befindlichen Zeitserver oder Zeitserverpool? Gruß Geral…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Sophos FW rule from version 17.5 question

    Chi Hing Chi Hing
    Chi Hing Chi Hing
    Dear All, Would like to seek for your help, i have the following firewall rule from Sophos 17.5, i would like to create the same rule in Sophos version 19.5, how do i create it under firewall rule + NAT rules for the following ? any help would be…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • View related content from anywhere
  • More
  • Cancel
<>