Hello volks, yesterday I stumbled over a weird new issue. It seems that our NAT masquerading rules are not applied when traffic matches a policy or multipath route (in interface mode). So I tried a traceroute with a port so the trace would match the…

Hello community, i got a question related to the NAT Traversal setting in Sophos UTM (9.714-4). I created a new VPN tunnel between an SG125 and an SG230 and the tunnel seems to be up and running fine, according to the webinterface, but i am not able…

Hi guys, I’m trying to NAT (or DNAT) Single WAN with multiple ports to Internal LAN IPs. Just wondering what’s the best way to do it. Example: WAN 40.12.34.56:1000 to 192.168.1.5 WAN 40.12.34.56:2000 to 192.168.1.6 WAN 40.12.34.56:3000 to 192…

Hello Community, I am out of solutions here and want your help, I have Many web servers on the LAN, each has DNAT (Static IP) I have many static IPs, all on one interface (PortB:0, PortB:1, PortB:2, ...) each subinterface has a static IP I use Cloudflare…

Hallo zusammen, ich stehe derzeit vor einem Problem was für mich noch nicht ganz schlüssig ist. Wir haben eine Sophos UTM 9 bei uns im Einsatz. Nun zu meiner Situation: Wir mussten unseren Datenbank Server aufgrund von Ressourcen Mangel auf einen…

Integrated Site Web services with company internal software Web Service URL - br.ampbr.com/.../hh Site Web Public Ip -162.11.15.15,119.14.15.12 I have a DMZ server which run application ,to which this URL is integrated by API programmer I need…

I have two UTM 9 on different locations (A, B) of our company. I want to access to machines on the locations B with UNC Path. The reason is that I have a application Server on the location B and I want to have access with UNC path \\appserver\text to…

I feel like I'm doing everything right... but something's not working. We have a DevOps Server which provides SSH access for GIT operations. I've created a DNAT rule for it: from InternetV4 -> SSH -> External IP to change the destination to the DevOps…

Hello, I am trying to configure UTM9 Webserver Protection feature to manage several domain names, routing to specific web servers in DMZ, through my one and only public IP. I have 2 DNS entries pointing to the same public IP: sub1.mydomain.com sub2…

Hello, I have a problem with Sophos WAF and the external access to specific SAP Business One Services. The access works completly fine with NAT however the company would like to use WAF for providing external access. We get a HTTP ERROR 500 when trying…

Hello there, i am quite confused. We've built up a new ipsec tunnel with an external partner. He and we only defined one single network as the "local" network to have access to the external network net (eg. 192.168.66.0). There is only https traffic…

I have a File server name Synology, it has option to share files to external users, i tired to share the files but remote users not able to access it, i have two Firewall in my Domain, one UTM version 9.711-5 another XG. On XG i just created DNAT…

Dear, currently we use a single EX2016 on Premise. Incomming Mails are delivered to our UTM (SG330), which scans for Spam/Virus and then routes them to our EX-Server. Outgoing Mails are routed to an ext. Smarthost. Outlook Web Access is published…

Hello, I am new to the forum and have a question directly to the experts here. We use a Sophos SG230 UTM 9. I would like to establish an external OpenVPN connection from my computer, which is behind the Sophos, to another network. Unfortunately the…

Hallo Zusammen, ich hoffe ihr könnt mir bei einem Problem weiterhelfen. Ich habe das Problem das meine Sophos SG330 bei erhöhter Last (z.B. Speedtest via fast.com - kommt bis ~4,7Gbit) zum Teil die Verbindung ins Internet verliert - allerdings nicht…

Hello everyone! we have a newly deployed Remote Desktop Gateway Server (on Windows Server 2019) installed in our environment and I was successfully able to publish it through our UTM 9 WAF. Unfortunately, by doing this I am only able to get RPC-HTTP…

Hi everyone, im thinking about buying a Sophos UTM9 Appliance and i wanted to know which method of nat it is using (Full-Cone, Symmetric, Restricted-Cone or Port-Restricted Cone). Sadly I didnt find any information on this topic. Can someone tell…

Hallo zusammen, folgendes Problem: Interface 1: TK Netzwerk: 10.2.10.0/24 Interface 2: RED60 10.3.10.0/24 Telefon IP = 10.2.10.30 (steht hinter der RED) Tunnel besteht, Pingen geht auch. Telefon findet aber die TK nicht trotz fester IP-Adresse…

Hallo zusammen, ich habe eine SG125 mit einer Home Lizenz aktiviert. Ich bin leider über die Anzahl der Clients gekommen, geringfügig :-) mit 40Clients. Was komsich ist das erst nach monaten das Problem auftaucht das Clients keine IP-Adressen…

I have two WANs in uplink balancing and normally one of them is in active interfaces (e.g. WAN1) and the other is in standby (e.g. WAN2). Sometimes I want to let one of our internal endpoints to connect to the internet via WAN2 so: 1. I move the WAN2…

Hi all, I'd appreciate some help on this matter, basically we have purchased an extra range of IP addresses from our ISP which we want to apply to different webservers. Now the way I thought this was done on the UTM and the way that others have detailed…

Hi, I want to open port 3579 on my UTM so I can use this custom port remote-ing into my PC at home. The reason why I want the special port created is because I know it's never a good idea to have port 3389 open on your public IP. I set up the DNAT rule…

Hi, We need to publish a new mail server for a new domain, but we want to publish it with it's own public ip. The story :) We have Sophos UTM to manage mail protection for our principal domain, let say example.com The public ip for the UTM is…

Hello , i have 2 servers 1 hp dl360g5 with 2 utp ports 1 is lan 1 wan this is my utm v9 and one dell r610 witch has 4 port 3 not connected 1 conected directly to the hps lan utp port. Configuration is as follows The UTM has 2 port port 1 is the…

Hello, Traefik is a Docker-aware reverse proxy and i want to use it for my dmz sites, some of then in docker container and other deployed "normaly" like Outlook Web Access (OWA), so i need to set up a reverse proxy and expose ports 80 and 443 and i…