Hello! So I'm trying to get a tricky NAT over IPSec tunnel set up based on the requirements from a vendor of ours. They only want to see traffic from and going to the following subnets: 1.1.2.192/28, 1.1.4.48/28, 1.1.8.48/28. So they want our internal private…
Hello folks,
Every time I need to create a NAT rule I must go back to the Sophos video that explains it. The reason - I can't remember it because it is so counterintuitive. I hope you can help me figure out a few key moments.
The video:
1) A…
Hello experts,
just a basic question...
I have Sophos XG with two ISPs. I have Remote SSL VPN configured for users to connect from home, etc... I have a rule that permits "VPN to Internet" and that rule is linked to NAT that translate these connection…
Hello, I'm a new network engineer in uncharted territory. I was wondering if I could get some assistance with an Azure VNET I'm trying to peer through a Sophos XG Firewall. I have another Sophos XG going for another project so it isn't entirely foreign…
About six months ago, I couldn't ping from local to remote after setting up a route-based, IPSEC VPN (Tunnel Interface). At the time I gave up and set up Windows as a router to get around the problem. I've since had to revisit and solve the problem properly…
Hello,
an XG uses a smarthost in the upstream to send and receive mails towards the internet. My problem is that the XG sends outgoing mails already on the right interface, but here is a transfer network towards the smart host, which is private and…
Greetings everyone!
I run a few TP-Link Mesh wifi systems with my current UTM. It was an easy setup which required no firewall rules.
We are moving to a new XGS firewall this month.
Will my TP-Link wifi setup work fine with the new XGS firewall…
Hi All,
I have Host (server) with wan IP 118.x.x.x
How do I set this Host to specific WAN IP 219.x.x.x ?
Do I need to create SNAT?
Model: Sophos XG 330 with 18.5.3 firmware
Thank you in advance
We have several IPSec Tunnel Interface tunnels VPNs with 3rd party where we provide a DNAT IP range.
Recently we added a new VPN whose network overlaps with an existing VPN so we need to not only DNAT but also SNAT so that routing works properly and…
I have a need to isolate from a business network and wondered what capabilities the Sophos XG (18.5.3) has. In that, I've built rules for the following:
Packet from 10.1.1.1 destined to a DMZ 192.168.1.1 address, nat out to business site address which…
Hi folks,
I have the following problem:
I have an icinga 2 running in my network and I want it to ping a remote network via S2S.
This does work, but as soon as I create a DNAT with HTTP and HTTPS to my icinga, it stops working.
What I tried: …
Our XG 19 has 2 ISP links.
I created a NAT policy through the wizard which allows reaching a server on the LAN. This NAT policy is set to be available only on ISP1 - FiOS
I also created an SD WAN policy for outbound connections to select ISP based…
v18 newbie here.
In the earlier version 17, there were only firewall rules for all connection types.
In 18, I have to create NAT rules too.
There is no usage count on some of my migrated after 2 weeks from upgrade. Lan to lan communication requests…
Hello all
I want to create NAT + Access rules for DNS and NTP so any UDP 53 and UDP 123 traffic targeted for WAN gets redirected to internal servers.
Can anyone suggest how that can be achieved?
Thanks
A
We have some internal servers on which we have configured NAT rules to expose them to internet via dedicated WAN IPs for each server.
We are able to connect to the servers from WAN without any issues. But we are unable to connect from one server to…
I cannot figure out why my virtual Sophos XG in Azure is NAT'ing traffic across my IPSec VPN tunnel. There is no NAT rule in place for this. In fact, there's only one NAT rule on the whole XG. But all traffic from my local network, going over the tunnel…
After updating from SFOS 18.5.3 MR-3-Build408 to SFOS 19.0.0 GA-Build317 I started getting complaints of services not working, they depend either on outbound firewall rules or inbound DNAT rules.
The first failure to be reported was VoIP, oddly enough…
Hello,
wondering whether a tunnel based IPSEC VPN works with NAT on one (initiating) side. What zone information needs to be provided on the Gateway host?
Is it required that the two XFRM interfaces can ping each other?
The configuration used…
The equipment that connects to the top or bottom of the firewall has changed.
At this time, the snat or dnat policy set on the device is not applied.
You have to turn off the policy and then turn it on for it to work properly.
XG430 (SFOS 17.0…
Dears,
I have a Sophos XG230 firewall. I have two gateways to the internet.
When I do a LAN to WAN rule and select NAT rule MASQ to access the internet.
I want to change the internet gateway for some LAN IPs; how can I do it?
Some LAN access internet from GW1
…
I am not sure if I always need NAT. Sometimes I do and sometimes I don't. My latest issue was two VLAN networks hanging off the LAN interface of the Sophos XG. I had the correct firewall rules in place but I couldn't get traffic to flow until I created…
Hello everyone, I have virtualized a Sophos XG Home on a Proxmox environment. In front of the FW I have a Fritzbox in which the FW is set as the exposed host. The problem is that the packets do not arrive in the network or at the FW and not…
Hi
PPPOE is done on the XG and from ISP provides 10.222.250.5/32.
We have a 213.150.X.X/29 from the ISP routed via 10.222.250.5.
LAN has internet and DNAT works PAT works that's all good.
How to register the sophos and add licenses because the…
Hi
With UTM we had site-to-site tunnels and SNAT rules.
On the Sophos side I was able to create an SNAT rule
with several networks and hosts from our side and say send them all down the tunnel behind 1 IP address in the range defined in the tunnel…