Hi folks,
a question for those who can provide guidance and maybe even answer.
The daily report shows various classifications for NTP type traffic.
1/.
2/.
3/.
I was reviewing the hairpin NAT configurations and found there were some items…
Hi,
I've got the following case on a customer site:
Internal webserver on LAN, needs to be accessed from same or different internal LAN on the external IP, normally I use a loopback NAT rule and this works.
Since a few weeks we had to switch to…
Hi, I've got the following case:
HA XGS3300
Three WAN connectinons
P2 ISP 1
P4 ISP 1
P6 ISP 2
P2 and P4 are BGP.
P6 is stand alone.
All internet connections are working.
When configuring SNAT and or SD-WAN all traffic for WAN is over…
SNAT with multiple WAN gateways isn't working..
WAN Gateway 1 = Port3 - its public with /27 worth of aliases
WAN Gateway 2 = Port5 - its public with /28 worth of aliases
(IP Host) SNAT with Port3 aliases work for all of the rules I've created…
Hi Sophos Community
After a lot of trial and error I'm hoping you can help me finding a solution to my scenario:
In my home setup I have my wan-interface of the sophos in a transit network. My ISP router forwards any traffic to the sophos. Now…
Hi,
what would be the proper way to configure different WAN ALIASES for outbound traffic, for example in this manner:
LAN users would use WAN Alias 1 for browsing and accessing web
LAN2 users would use WAN Alias 2
FreeWiFi users would use WAN…
Hi Folks,
I'm moving from UTM to SFOS. Getting it setup with the basics was all fine but something I've been wanting to try for a while was to remove the masq rules as sophos is my back firewall in a back to back config. I ran into an issue though…
Greetings fellow members,
I have 2 networks with 1 sophos firewall each, network A (Public IP/80.80.80.128, Local Network/192.168.20.1/24) and network B (Local Network 192.168.10.1/24).
Sophos B XGS107 ( SFOS 19.5.3 MR-3-Build652)
Sophos A XG135…
Good morning. I have a problem in identifying which server makes requests to another when the requests arrive to a loopback to access internal servers when pointing to their public ip's.
Example: server with ip 192.168.1.20 resolves DNS that points…
static IP 203.122.47.42 on port 84 is showing as closed. We need to bind this static IP to the local IP address 10.0.1.134 . Please assist with this at your earliest convenience.
Thank you.
Hello Everyone,
I am a new user of Sophos Firewall for Home, unfortunately I am encountering a few issues. I have managed to get an internet connection on it but I am unable to register it and getting the following error - Can't connect to the registration…
Hello all,
I have inherited a firewall that has linked NAT rules for LAN to LAN type rules. Is there any need for them (I don't think so as really only required for LAN to WAN), and would it hurt anything if I just left the NAT rules?
Thanks.
Hello all,
I have a situation with a IPsec VPN setup between two sites that have subnets that are the same. I followed these instructions and it worked ok;
NAT with route-based IPsec when local and remote subnets are the same - Sophos Firewall
However…
We recently replaced all our xg230 with xgs 2300 firewalls.
Geovision Video server is on a dmz with port forward rule and NAT rule.
Remote playback and viewlog you can't connect to them. Live view works fine. Other sites no issues. Firewalls are setup…
Hi,
I have been given an iptables command and I would like to create the same rule on my XG. Could anyone confirm if I have "translated" the rule correctly, please?
iptables -t nat -I PREROUTING -s 10.100.20.19 -d www.riscocloud.com -p tcp --dport…
Hello everyone!
I have 2 SOPHOS firewalls in two different buildings, connected by Long Range Aerials (point to point).
FIREWALL 1 is configured like this:
LAN 192.168.122.X (Aerial 1 is part of this DHCP pool)
WAN public IPs (static)
then…
I have a scenario and trying to set something up for the interim.
In essence, the requirement is to get an APP server at location A to connect to DB server in location B.
The main issue with this is that both locations have the same subnet (E.g 172…
Hi,
Any advice would be appreciated for the following please.
We have a number of devices that have been configured to communicate with an internal server by IP address. This server is now being migrated to the cloud on a unique subnet. We are not…
I created a new rule which allows traffic originating from VPN subnet to the external IP address.
I verified in the logs that the traffic passes by unobstructed. Also verified in SSL VPN settings that the particular VPN profile contains that IP address…
Hello,
We use several networks and several public IP addresses, which are stored as aliases on the WAN interface. How do I configure the NAT rule so that, for example, the public IP address xxx.xxx.xxx.xxx is used for network A and the address yyy.yyy…
I'm having to restart this system to get Firewall / NAT rules enforced when changes are applied. This seems to happen with quite a few people in the community.
I've found sometimes disabling the firewall rule that feeds a NAT rule loads the additions…
Today we want to replace our old UTM with an XGS 3100 cluster. In advance, we had created rules manually. But we were only able to test it today.
We have a LAN port 1 (192.168.2.0/24) and a 2nd LAN on port 7 (192.168.201.0/24) When I access 192.168…
I have a Sophos Firewall XG115 with Firmware revision 19.5
I am trying to open ports associated with a LAN Host , using DNAT assistant. There is a range of ports to be opened ports 40,000 to 60,000.
I have created a service with ports 1:65535 mapped…
Hello community,
we are using a Sophos XG 310 for quite some years now.
Since the beginning we had two WIFI's configured. One with Bridge to AP LAN and one as Separate Zone with Hotspot system.
I never had to create a special firewall rule to get…
I have to seperate two networks using the same LAN Interface running XG in natest version with 1 phyiscal NIC bound to LAN and 1 physical nic bound to wan. The need is that there is no access form Private Network IPs to Company Network IPs and Vice Versa…