• Restrict by IP address. - but only for one URL?

    David Harrison1
    David Harrison1
    Good morning all, I have a single windows DMZ box set up which is hosting a number of different websites, apis etc. I have one site on that box that I want to restrict by external IP address. I know in the firewall rules you can restrict by port…
    • Answered
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • WAF rule works while disabled - strange behaviour

    oldgoodname
    oldgoodname
    Hi Guys, I'm using XG with the newest firmware (18.0.4-MR4) and I have a onlyoffice workspace test installation behind it. When I open onlyoffice via private IP or FQDN, it automatically redirects from http to https. So I think it's working as it should…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • Block GeoIP rule - DNAT Blackhole - WAF no longer working

    Fred_B
    Fred_B
    I found an earlier thread that GeoIP blocking was not working as the system take precedence over firewall rules and therfore are never hit. The Sophos advice was to create a DNAT Blackhole rule to a non existing IP adress. So I tried creating a DNAT…
    • Answered
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • Why create a police rule + a DNAT (PAT) rule

    lauwiks Cutman
    lauwiks Cutman
    Good morning all I ask myself the question of the interest of the creation of a firewall rule when creating a DNAT rule (PAT). After my migration from 17.5 to 18, the import of my rules went well. I then needed to access an equipment from the outside…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • XG | BGP multihomed (WAN) | DNAT & SNAT

    lvillarreal
    lvillarreal
    Here my question: 1. How can I set up SNAT if my public Subnet (3.3.3.0/24) it´s not configure in any interface? It´s possible? Can I create a Loopback interface on XG? 2. Publish my website (DNAT)! Any idea? Notes: - I push my network (3…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • Problems with inbound traffic on one WAN interface in a multi WAN setup

    Guy Soudant
    Guy Soudant
    Hi, I've been working on a Soiphos XG 125 v18 for the last week to get it production ready, setting up the WAN interfaces (2) and the DNATs and FW rules. I thought I had everything covered, but I'm running into an issue I simply cannot resolve. So if…
    • Answered
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • RDP to Server with the XG WAN having a private IP

    Davox1
    Davox1
    My set up at the moment is ISP 210.250.200.10 => Router 192.168.1.1 => XG WAN interface 192.168.1.55 => DMZ Server 192.168.206.10. I would like to RDP to my server in DMZ from the internet. The problem i am having is that my XG is not directly connected…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • Regarding 80 and 443 ports

    Server Itcell
    Server Itcell
    Dear sir, I have been using Sophos xg firewall(cyberoam NG cr100ing). Iam facing a problem that my port 80 and 443 are opened for wan side, Our cyberfortress team is scanning the above said ports from wan side and telling this is vulnerability. plz…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • Whitelist IP Address PCI Scan

    Bradley
    Bradley
    Hello, I am new to Sophos. We recently had a Sophos XG 125 installed on our small network at work. In order to stay PCI compliant, a scan is run every few months on our IP address. The IP source addresses are: 64.39.96.0/20 64.39.106.0/24…
    • Answered
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • Reflexive rule blocks WAN connection for the host mentioned in that rule

    Eduard Schick
    Eduard Schick
    Hi everyone, After using the DNAT assistant to enable access to my Synology from WAN ( https://community.sophos.com/xg-firewall/f/discussions/125700/synology-nas ), there are 3 NAT rules that have been created. The problem right now: My SynologyNAS…
    • Answered
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • External Websites showing user portal

    Neihn
    Neihn
    This morning we switched over to our Sophos XG FIrewall. Professional services did alot of the leg work for us in the main configuration and while it appears most things are working properly we did find a few things wrong after we got off the phone with…
    • Answered
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • XG and Dnats

    warper
    warper
    I am coming from the old utmost's side and busy learning all the new xg stuff. One thing I have not found is if I am trying to build a new XG and obviously trying to build all the gnats from the utmost side. It will load the gnats and bind the appropriate…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • external RDP access does not work - XG Firewall bridge mode

    Diego Beton
    Diego Beton
    I need to learn how to free external access to RDP. Before placing the Sophos Firewall on the bridge, my Mikrotik was solely responsible for releasing the RDP ports of each server of mine. Now I can't communicate externally with my servers, only locally…
    • Answered
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • Synology NAS

    Eduard Schick
    Eduard Schick
    Greetings, I guess it's a simple and common asked issue, but unfortunatelly the search function seems to be disabled/malfunctioning right now - despite trying different keywords. And some (video) guides that I found show some setups on old versions…
    • Answered
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • XG home edition, no acess from LAN to DMZ

    Muhammad Siddiqui
    Muhammad Siddiqui
    Hello folks i just provisioned a xg home... all is good but my internal plan subnet not able to reach dmz at all, appearsto be a problem with NAT... possibly DNAT...a little lost here. Tried the v18 feature of dnat wizard but it asks for wan address…
    • Answered
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • cannot access web server from inside network (LAN)

    Ralph Andrei Christian Macalino
    Ralph Andrei Christian Macalino
    Hi, I am having a problem with my Sophos XG firewall v17.5. I am trying to access my public facing server from my LAN where the server is hosted, but I am getting timed out. When I try to access it outside my LAN, it works. I have tried turning…
    • Answered
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • Simple DNAT/Firewall rules not working

    m25mark
    m25mark
    I have tried the following scenario by building the DNAT rule and Firewall rule manually. And I have tried using the "assistant." Neither work. I would appreciate if someone could take a look at this scenario for me since the support portal is still down…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • RED configuration for PCI DSS compliance v18 DNAT

    Brandon McGouldrick
    Brandon McGouldrick
    I have an XG135 running (SFOS 18.0.1 MR-1-Build396) and I am currently failing Security Metrics PCI scan for the following: I am trying to follow the KB Sophos has provided but in v18 DNAT and Firewalls are separated, and I can't seem to get everything…
    • Answered
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • Serverzugriff über IPv6 DNAT funktioniert nicht

    Moritz Wiesenmaier
    Moritz Wiesenmaier
    Hallo Community, ich versuche derzeit mein Netzwerk von außerhalb erreichbar zu machen. Da ich über einen DS-Lite tunnel verfüge, muss ich dies über IPv6 verwirklichen. Von meinem ISP wird mir ein dynamisches IPv6 Präfix zugewiesen. Da ich keine Funktion…
    • over 4 years ago
    • Sophos Firewall
    • Discussions
  • DNAT Settings multiple gateways

    AlessandroBlasi
    AlessandroBlasi
    Hi Everybody, I'm configuring some DNAT Rules for our Citrix Environment following this guide techbast.com/.../sophos-xg-v18-how-to-configure-dnat-with-load-balancing-on-sophos-xg-for-outside-client-can-connect-to-web-servers-on-firmware-version…
    • Answered
    • over 4 years ago
    • Sophos Firewall
    • Discussions
  • [WORKAROUND] XG18 - Loopback NAT not working

    roderickvd
    roderickvd
    I believe there are several threads on this without a solution. Chiming in here: I have a server in a DMZ VLAN exposing HTTPS over DNAT, including loopback and reflexive NAT rules. The XG18 firewall has an xxx.myfirewall.co dynamic DNS registration…
    • over 4 years ago
    • Sophos Firewall
    • Discussions
  • SilverShield SFTP behind XG

    ciwan
    ciwan
    Hi Guys I have a program called SilverShield which is SFTP program behind UTM and realized that it has DNAT set up on UTM. I am trying to set up DNAT on XG which has more options and tried a few it does not work. By looking at below screenshot, is…
    • over 4 years ago
    • Sophos Firewall
    • Discussions
  • DNAT Regel zur Ansteuerung eines Servers aus dem Internet

    Ha3ht4g2024
    Ha3ht4g2024
    Hallo Zusammen, ich bin etwas verzweifelt. Ich bekomme es einfach nicht hin, einen meiner Server aus dem Internet erreichbar zu machen. Über den DNAT Assistenten habe ich eine Regel erstellt: Interne Server Adresse: Mein Server Öffentliche IP Adresse…
    • over 4 years ago
    • Sophos Firewall
    • Discussions
  • Source and Destination port in reflexive rule

    Suhail T
    Suhail T
    If we checked reflexive rule in a DNAT rule. What will be source and destination of the reflexive rule. Lets say , we have a DNAT rule for HTTP and orginal port and translated port are same . So the source port range is 1:65535 and destination port…
    • over 4 years ago
    • Sophos Firewall
    • Discussions
  • DNAT rules for HTTPS with a custom port from wan

    Deepak Verma
    Deepak Verma
    Hi, I want to configure a DNAT rule where my user can access my server using the https with custom port 8000, but When I will try with this redirection Sophos is redirecting my query on the user portal. I tried to disable the user portal but no luck…
    • Answered
    • over 6 years ago
    • Sophos Firewall
    • Discussions
  • View related content from anywhere
  • More
  • Cancel
<>