• Routing Problem on XG19.0.0

    Leonardo Avesani
    Leonardo Avesani
    I have a problem where I am unable to ping google and it somehow seems as the firewall is missing a route back to my client. My client is inside a VLAN (172.16.87.99) and from the traffic below I can see that it correctly routes to the gateway address…
    • Answered
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Can't get IPsec Site-to-Site Tunnel with NAT to work

    Rene Böhres
    Rene Böhres
    Hello everyone, I can't get an IPsec NAT Site-to_site tunnel to work. I get "IKE message (9C0134C0) retransmission to VPN.GATEWAY.ADRESSE.HERE timed out. Check if the remote gateway is reachable." (i can ping it) we have the following: I try to establish…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Strange Firewall rules or something not understood

    Thierry MICHELS
    Thierry MICHELS
    My goal is to install a telephony server in the LAN. This server must be accessible from the internet with a number of protocols here (PRO_Starface). To prepare this I created a NAT rule and a firewall rule to access this server from internet. Just…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • XG115 Firewall and 1to1 NAT

    Thierry MICHELS
    Thierry MICHELS
    Hi There, I’m new in the Sophos world and I have some trouble configuring 1to1 NAT. My case: XG115 Firewall (XG115 (SFOS 19.0.1 MR-1-Build365), 1 Server in the LAN (no DMZ), 1 public address for this Server. I want to access my Server from Internet…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • What is going on with WAF on XG?

    Regex
    Regex
    EDIT: Problem solved. You cant limit anyhow Source for specific country without problems on SophosXG - my problem was NAT, if you'll setup NAT then such source will be excluded from any malware scanning, logging etc. We must wait 'till Sophos Team will…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Force DNS to LAN PiHole XG Home 19

    joe shellen
    joe shellen
    I had this working in Untangle for years, then switched to OPNsense for a few weeks and got it working, now I've decided to go with Sophos but I'm stuck. (Loving Sophos XG, btw.) I have two PiHoles running on my LAN and want to force/redirect all…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • NAT CONFIGURATION

    SATHEESH KOOLIPPILAKKAL
    SATHEESH KOOLIPPILAKKAL
    When try to save NAT Configuration it is showing "Original and translated services don't match" and am not able to store that. Any idea why? What am doing wrong?
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Private IP to WAN side without NAT

    Mayuresh Bhagwat
    Mayuresh Bhagwat
    I recently moved the customer from Sonicwall to Sophos. The customer being a bank has a P2P connection with their ATM service provider. There are multiple resources on this P2P service and most have an IP binding configured. For most of them they have…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • What is Reflective rule in XGS?

    Andrej Pirman
    Andrej Pirman
    Hi, on XGS-136 when I use NAT rule wizard, it creates all needed rules + one not-needed Reflective rule. I don't really understand, what Reflective rule is and why is it needed. I usually only create DNST rules, from outside into LAN or DMZ, and local…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Route-based VPN and NAT, how ?

    StefanS
    StefanS
    Hi there, We have here a Sophos XG v18.5.2. Currently, we are successfully running a route-based VPN tunnel that includes several routes. Since the remote loaction also has the subnet 192.168.1.0/24, we must set up a VPN NAT. 172.16.56.0 > 192.168.1.0…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Lan - lan source nat

    nedal tomeh
    nedal tomeh
    how can i forward traffic from lan 1 to lan 2 with nat ? i want all traffic (many networks ) forwarded from interface 1 (lan 1) to interface 4 (lan 2) to translate from the source network address to interface ip (interface 4)and pass to the internal…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • SNAT - randomize outgoing source port with iptables

    Someone_7272
    Someone_7272
    Hi all, Semi-newcomer here, as I haven't used Sophos Firewall since XG 17.5. When it went EOL, I tried out pfSense for a short while before finally deciding to retire our old, but reliable UTM 110/120 appliance. The UTM 110/120 only has 2GB RAM, so…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • NAT - Worked in SG not in XG

    Chris Wood
    Chris Wood
    Hello! So I'm trying to get a tricky NAT over IPSec tunnel set up based on the requirements from a vendor of ours. They only want to see traffic from and going to the following subnets: 1.1.2.192/28 1.1.4.48/28 1.1.8.48/28 So they want our internal private…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Sophos Flow: Firewall and NAT

    FormerMember
    FormerMember
    Hello folks, Every time I need to create a NAT rule I must go back to the Sophos video that explains it. The reason - I can't remember it because it is so counter intuitive. I hope you can help me figuring out a few key moments. The video: 1) A…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Remote SSL VPN & NAT with two ISPs

    Michal Sumega
    Michal Sumega
    Hello experts, just a basic question... I have Sophos XG with two ISPs. I have Remote SSL VPN configured for users to connect from home, etc... I have a rule that permits "VPN to Internet" and that rule is linked to NAT that translate these connection…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Peering an Azure VNET to Sophos XG Firewall

    Josh Whitaker
    Josh Whitaker
    Hello, I'm a new network engineer in uncharted territory. I was wondering if I could get some assistance with an Azure VNET I'm trying to peer through a Sophos XG Firewall. I have another Sophos XG going for another project so it isn't entirely foreign…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Solved:Azure site-to-site VPN route-based tunnel connectivity issues

    woter324
    woter324
    About six months ago, I couldn't ping from local to remote after setting up a route-based, IPSEC VPN (Tunnel Interface). At the time I gave up and set up Windows as a router to get around the problem. I've since had to revisit and solve the problem properly…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Sophos Smarthost - Outgoing Interface + NAT

    Sophos User2126
    Sophos User2126
    Hello, an XG uses a smarthost in the upstream to send and receive mails towards the internet. My problem is that the XG sends outgoing mails already on the right interface, but here is a transfer network towards the smart host, which is private and…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Will my TP-Link mesh wifi work with my new XGS firewall?

    Sean Rome
    Sean Rome
    Greetings everyone! I run a few TP-Link Mesh wifi systems with my current UTM. It was an easy setup which required no firewall rules. We are moving to a new XGS firewall this month. Will my TP-Link wifi setup work fine with the new XGS firewall…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Host WAN IP

    bigneo7
    bigneo7
    Hi All, I have Host (server) with wan IP 118.x.x.x How to I set this Host to specific WAN IP 219.x.x.x ? Do I need to create SNAT? Model: Sophos XG 330 with 18.5.3 firmware Thank you in advance
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Double NAT with IPsec Tunnel Interface VPN

    Daniel Ferreira
    Daniel Ferreira
    We have several IPSec Tunnel Interface tunnels VPNs with 3rd party where we provide a DNAT IP range. Recently we added a new VPN whose network overlaps with an existing VPN so we need to not only DNAT but also SNAT so that routing works properly and…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • VRF / NAT routing

    Matthew LaComb
    Matthew LaComb
    I have a need to isolate from a business network and wondered what capabilities the Sophos XG (18.5.3) has. In that, I've built rules for the following: Packet from 10.1.1.1 destined to a DMZ 192.168.1.1 address, nat out to business site address which…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • No Ping after DNAT

    sebmoe
    sebmoe
    Hi folks, I have the following problem: I have an icinga 2 running in my network and I want it to ping a remote network via S2S. This does work, but as soon as i create a DNAT with HTTP and HTTPS to my icinga, it stops working. What i tried: …
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • XG 19 SD WAN with NAT rules

    Geniux
    Geniux
    Our XG 19 has 2 ISP links. I created a NAT policy though the wizard which allows reaching a server on the LAN. this NAT policy is set to be available only on ISP1 - FiOS I also created an SD WAN policy for outbount connections to select ISP based…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • NAT rule for Loopback and VPN connections

    Can carmack
    Can carmack
    v18 newbie here. in earlier version 17, there was only the firewall rules for all connection types. In 18, have to create nat rules too. There is no usage count on some of my migrated after 2 weeks from upgrade. Lan to lan communication requests…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • View related content throughout Sophos Firewall
  • More
  • Cancel
<>