• Issues creating PAT

    Justin Gallos
    Justin Gallos
    Hi. This is my first time configuring this. I am having some trouble with it. I tried to search on the forum but the one I found had pictures that do not work anymore. I have one public IP and want to direct it to 2 internal IP addresses with the same…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • 18.0.4 MR-4: NAT LOOPBACK not working

    twister5800
    twister5800
    HI all, Been sweeping the community for hours now regarding this issue, simply cannot make it work :-( Have been using the DNAT Assistant which creates both reflexive rule and Loop back, not working. Been trying to setup loopback rule myself…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • mr4 SNAT -> traffic is lost suddenly

    BasSanders
    BasSanders
    Hi All, As support is continuously failing to support us i am trying here. We have a setup with a cluster of XG210's running 18.0 MR4. Since this implementation, we are regularly having issues with our customers PBX. Packets coming from the PBX…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • NAT rule Order causes outage

    flomb
    flomb
    For multiple smaller customers I have one default SNAT with MASQ to enable internet access and usually two DNAT rules. These rules do not interfere. On multiple occasions it happend that the DNAT rules did not work although configured correctly. All…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • RED configuration for PCI DSS compliance v18 DNAT

    Brandon McGouldrick
    Brandon McGouldrick
    I have an XG135 running (SFOS 18.0.1 MR-1-Build396) and I am currently failing Security Metrics PCI scan for the following: I am trying to follow the KB Sophos has provided but in v18 DNAT and Firewalls are separated, and I can't seem to get everything…
    • Answered
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • After Upgrade to v18.0 MR4 Auxillary Appliances boots in Failsafe Mode - Reason "Unable to apply NAT Rules"

    Gordon Leisering
    Gordon Leisering
    Hi, today i upgraded an Sophos XG Cluster from v18.0 MR 3 to v18.0 MR 4. Everything looked fine, so i did an Failover check, Afterwards not all outgoing WAN Connection possible. After some checks we recognized that the Appliance booted in the Failsafe…
    • Answered
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • Unable to check the address used in IPv6 NAT log.

    core_memory
    core_memory
    The item src_trans_ip output to the log is incorrect, when using IPv6 Source NAT. src_trans_ip will have the same address as dst_ip. The real address after Source NAT is not logged. This issue was tested with SFOS 18.0.4. This is a bug, isn't it?
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • Sophos XG IPsec port forwarding

    Emil Naklicki
    Emil Naklicki
    Hello, I have A Sophos XG at work and a Sophos XG at home. Recently I have acquired a Meraki MX64 that I am running behind my Sophos XG at home. I have been tasked with setting up my work XG with the Meraki MX in a site2site tunnel (for a future deployment…
    • Answered
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • Create loopback rule for XG itself

    Daniel Bingham
    Daniel Bingham
    Hi, A very long time ago, I upgraded from V17 to V18. Today, I decided to hit the magic button about cleaning up unused NAT Rules under Rules and Policies --> NAT Rules. Since doing that, my loopback to the XG itself has stopped, meaning I…
    • over 4 years ago
    • Sophos Firewall
    • Discussions
  • No NAT Rule for VTI Interface

    warnox
    warnox
    Hi, I've configured an IPsec tunnel over VTI with OSPF routing and I'm wondering what is the recommended way of creating a No-NAT rule? I would expect to leave all the fields with default values and just set the outbound interface as the VTI (XFRM…
    • over 4 years ago
    • Sophos Firewall
    • Discussions
  • How to fully block/drop packets from a malicious WAN address?

    CraigLloyd
    CraigLloyd
    Hi, Since upgrading to V18 where NAT and Firewalls have been separated. How would I be sure to fully block and Drop a malicious WAN address traffic from hitting our web facing services? I have written a drop rule containing a list of IP Addresses…
    • Answered
    • over 4 years ago
    • Sophos Firewall
    • Discussions
  • XG 18. snat binding to specific public ip

    Luc_GLLM
    Luc_GLLM
    I have only WAN interface with multiple public ip addres configured as an alias IP. So.. #PortB, #PortB:1, #PortB:2 etc... All clients leave the internet via the default snat with the firewall public ip configured in port #PortB. I would like only an…
    • Answered
    • over 4 years ago
    • Sophos Firewall
    • Discussions
  • Serverzugriff über IPv6 DNAT funktioniert nicht

    Moritz Wiesenmaier
    Moritz Wiesenmaier
    Hallo Community, ich versuche derzeit mein Netzwerk von außerhalb erreichbar zu machen. Da ich über einen DS-Lite tunnel verfüge, muss ich dies über IPv6 verwirklichen. Von meinem ISP wird mir ein dynamisches IPv6 Präfix zugewiesen. Da ich keine Funktion…
    • over 4 years ago
    • Sophos Firewall
    • Discussions
  • WAN IPv6 to DMZ/LAN IPv4

    EGT
    EGT
    Hello Forum! I have a little challenge here. TLTR: Translating WAN IPv6 to LAN IPv4. I would like to make various services accessible via IPv4 and IPv6 from the WAN side. Internally in the LAN and DMZ I would like to continue working only with IPv4…
    • over 4 years ago
    • Sophos Firewall
    • Discussions
  • Version 18 and the Nat Rules

    Alex Harding1
    Alex Harding1
    Hi Guys Hoping someone can help me as I'm struggling a bit with V18 and the decoupling of NAT rules. I know it works as its working on V17 without issue. We have a vlan and within that vlan there is a device which requires WAN access. I have created…
    • Answered
    • over 4 years ago
    • Sophos Firewall
    • Discussions
  • Give public IP an alias name

    Jonathan Nali
    Jonathan Nali
    Hi everyone, I wonder if this is possible. I did a NAT rule so users outside the network can access a particular application that is behind the Firewall(Sophos XG) So, currently, the access is this way: public IP/ApplicationName I would like to…
    • Answered
    • over 4 years ago
    • Sophos Firewall
    • Discussions
  • NAT DNS Service to LAN address

    Brian Thill
    Brian Thill
    I want IoT devices to use my internal DNS server. I setup a NAT rule to translate inbound DMZ interface to destination internal DNS server and I have a matching firewall rule but the traffic is getting dropped. IoT device calls to 8.8.8.8 on Port 53…
    • Answered
    • over 4 years ago
    • Sophos Firewall
    • Discussions
  • NAT between IPSEC and SSL VPN

    Developers VerticalBooking
    Developers VerticalBooking
    Hi all, I own a XG135 cluster, with some IPSEC VPNs to some external endpoint and an incoming SSL VPN; all works fine. Now I'd like to give to the SSL VPN an access to the IPSEC tunnels and I thought to do that through a NAT (natting the exiting SSL…
    • over 4 years ago
    • Sophos Firewall
    • Discussions
  • Blackhole NAT + DROP firewall - Accept anyway?

    KekesiV
    KekesiV
    Hi Community! I've set up a blackhole DNAT ( https://support.sophos.com/support/s/article/KB-000038943?language=en_US ) and added a firewall rule: I can see a lot of IP going to the dummy address and being blocked (on TCP443 it's rejected with 403…
    • over 4 years ago
    • Sophos Firewall
    • Discussions
  • Cannot reach Gateway when VLAN in on LAN on Sophos XG

    Jonathan Nali
    Jonathan Nali
    Hi everyone, I know the question may not be clear but here it is. I have managed to get connectivity between the branch and HQ. I can ping and access devices on both sides. The issue is, when VLAN551, which is the data vlan, is on WAN, the cisco…
    • over 4 years ago
    • Sophos Firewall
    • Discussions
  • Sophos XG 18 and Plex Remote Access

    dma0
    dma0
    I was wondering if anyone has been able to successfully configure Sophos XG 18.0.1 so that Plex remote access is enabled. Prior to v18, I had created a firewall business application rule based on the various posts in this forum and it worked just fine…
    • over 4 years ago
    • Sophos Firewall
    • Discussions
  • Setup Question LAN/WAN VPN

    Hinze
    Hinze
    Hi ! I'm quite new to XG Firewall. I've got the following Setup: XG Softwarebased setup on 2 Lan Card PC Port 1 LAN with Range from 192.168.1... Port 2 WAN with Statik IP 192.168.3.... getting it from Router LAN Router with static IP Adress…
    • Answered
    • over 6 years ago
    • Sophos Firewall
    • Discussions
  • Maskierung VPN Tunnel

    MaxRiedel
    MaxRiedel
    Hallo zusammen, ich habe bei einem Kunden der zwei Standorte hat ein Side-to-Side VPN über IPsec am laufen. Der Kunde sitzt in Standort A und greift per RDP auf Standort B zu. Der Kunde hat für eine ganz Spezielle Webseite eine Router gesetzt, die die…
    • over 6 years ago
    • Sophos Firewall
    • Discussions
  • Is it possible to set up Full Nat rule for an entire subnet?

    Albert Tejada
    Albert Tejada
    I will try to explain this as best as I can with my limited knowledge in networking. This is using XG 210 hardware. We have setup a connectivity from our Azure VNet to our on premises location with a XG 210. In our Azure VNet we have a subnet (ex. 172…
    • over 6 years ago
    • Sophos Firewall
    • Discussions
  • IPSEC - Masquerade/NAT 4 Hosts Behind Peer IP

    NateP
    NateP
    Ok, something that I've easily done many times on all of our UTMs. I have a new IPsec tunnel I built to a 3rd party. We are just accessing a single remote (198.0.0.2/32) host configured in the tunnel, but it needs to be accessed from 4 different hosts…
    • over 6 years ago
    • Sophos Firewall
    • Discussions
  • View related content throughout Sophos Firewall
  • More
  • Cancel
<>