I have a problem where I am unable to ping Google and it somehow seems as if the firewall is missing a route back to my client. My client is inside a VLAN (172.16.87.99) and from the traffic below I can see that it correctly routes to the gateway address…
Hello everyone, I can't get an IPsec NAT site-to-site tunnel to work. I get "IKE message (9C0134C0) retransmission to VPN.GATEWAY.ADRESSE.HERE timed out. Check if the remote gateway is reachable." (I can ping it.) We have the following: I try to establish…
My goal is to install a telephony server in the LAN.
This server must be accessible from the internet with a number of protocols here (PRO_Starface). To prepare this I created a NAT rule and a firewall rule to access this server from internet.
Just…
Hi There,
I’m new in the Sophos world and I have some trouble configuring 1to1 NAT. My case: XG115 Firewall (XG115 (SFOS 19.0.1 MR-1-Build365)), 1 Server in the LAN (no DMZ), 1 public address for this Server. I want to access my Server from Internet…
EDIT: Problem solved. You can't limit anyhow Source for specific country without problems on SophosXG - my problem was NAT, if you'll set up NAT then such source will be excluded from any malware scanning, logging etc. We must wait until Sophos Team will…
I had this working in Untangle for years, then switched to OPNsense for a few weeks and got it working, now I've decided to go with Sophos but I'm stuck. (Loving Sophos XG, btw.)
I have two PiHoles running on my LAN and want to force/redirect all…
When I try to save the NAT configuration, it shows "Original and translated services don't match" and I am not able to store it. Any idea why? What am I doing wrong?
I recently moved the customer from Sonicwall to Sophos. The customer, being a bank, has a P2P connection with their ATM service provider. There are multiple resources on this P2P service and most have an IP binding configured. For most of them they have…
Hi,
On XGS-136, when I use the NAT rule wizard, it creates all needed rules + one not-needed Reflective rule. I don't really understand what a Reflective rule is and why it is needed. I usually only create DNAT rules, from outside into LAN or DMZ, and local…
Hi there, We have here a Sophos XG v18.5.2. Currently, we are successfully running a route-based VPN tunnel that includes several routes. Since the remote location also has the subnet 192.168.1.0/24, we must set up a VPN NAT. 172.16.56.0 > 192.168.1.0…
How can I forward traffic from LAN 1 to LAN 2 with NAT?
I want all traffic (many networks) forwarded from interface 1 (LAN 1) to interface 4 (LAN 2) to translate from the source network address to interface IP (interface 4) and pass to the internal…
Hi all,
Semi-newcomer here, as I haven't used Sophos Firewall since XG 17.5. When it went EOL, I tried out pfSense for a short while before finally deciding to retire our old, but reliable UTM 110/120 appliance. The UTM 110/120 only has 2GB RAM, so…
Hello! So I'm trying to get a tricky NAT over IPSec tunnel set up based on the requirements from a vendor of ours. They only want to see traffic from and going to the following subnets: 1.1.2.192/28 1.1.4.48/28 1.1.8.48/28 So they want our internal private…
Hello folks,
Every time I need to create a NAT rule I must go back to the Sophos video that explains it. The reason - I can't remember it because it is so counterintuitive. I hope you can help me figure out a few key moments.
The video:
1) A…
Hello experts,
just a basic question...
I have Sophos XG with two ISPs. I have Remote SSL VPN configured for users to connect from home, etc... I have a rule that permits "VPN to Internet" and that rule is linked to NAT that translate these connection…
Hello, I'm a new network engineer in uncharted territory. I was wondering if I could get some assistance with an Azure VNET I'm trying to peer through a Sophos XG Firewall. I have another Sophos XG going for another project so it isn't entirely foreign…
About six months ago, I couldn't ping from local to remote after setting up a route-based, IPSEC VPN (Tunnel Interface). At the time I gave up and set up Windows as a router to get around the problem. I've since had to revisit and solve the problem properly…
Hello,
an XG uses a smarthost in the upstream to send and receive mails towards the internet. My problem is that the XG sends outgoing mails already on the right interface, but here is a transfer network towards the smart host, which is private and…
Greetings everyone!
I run a few TP-Link Mesh wifi systems with my current UTM. It was an easy setup which required no firewall rules.
We are moving to a new XGS firewall this month.
Will my TP-Link wifi setup work fine with the new XGS firewall…
Hi All,
I have a host (server) with WAN IP 118.x.x.x
How do I set this host to a specific WAN IP 219.x.x.x?
Do I need to create SNAT?
Model: Sophos XG 330 with 18.5.3 firmware
Thank you in advance
We have several IPSec Tunnel Interface tunnels VPNs with 3rd party where we provide a DNAT IP range.
Recently we added a new VPN whose network overlaps with an existing VPN so we need to not only DNAT but also SNAT so that routing works properly and…
I have a need to isolate from a business network and wondered what capabilities the Sophos XG (18.5.3) has. In that, I've built rules for the following:
Packet from 10.1.1.1 destined to a DMZ 192.168.1.1 address, nat out to business site address which…
Hi folks,
I have the following problem:
I have an Icinga 2 running in my network and I want it to ping a remote network via S2S.
This does work, but as soon as I create a DNAT with HTTP and HTTPS to my Icinga, it stops working.
What I tried: …
Our XG 19 has 2 ISP links.
I created a NAT policy through the wizard which allows reaching a server on the LAN. This NAT policy is set to be available only on ISP1 - FiOS
I also created an SD WAN policy for outbound connections to select ISP based…
v18 newbie here.
In the earlier version 17, there were only the firewall rules for all connection types.
In 18, I have to create NAT rules too.
There is no usage count on some of my migrated after 2 weeks from upgrade. Lan to lan communication requests…