The equipment that connects to the top or bottom of the firewall has changed.
At this time, the snat or dnat policy set on the device is not applied.
You have to turn off the policy and then turn it on for it to work properly.
XG430 (SFOS 17.0…
Dears,
I Have firewall SOPOHS XG230. I have two gateway to internet.
when do rule LAN to WAN and select nat rule MASQ to access intenet.
I want change internet gateway for some LAN's IP, how i can do it?
some LAN access intenet from GW1
…
I am not sure if I always need NAT. Sometimes I do and sometimes I don't. My latest issue was two VLAN networks hanging off the LAN interface of the Sophos XG. I had the correct firewall rules in place but I couldn't get traffic to flow until I created…
Hi
PPPOE is done on the XG and from ISP provides 10.222.250.5/32.
We have a 213.150.X.X/29 from the ISP routed via 10.222.250.5.
LAN has internet and DNAT works PAT works that's all good.
How to register the sophos and add licenses because the…
hi
with UTM we had site to site tunnels and SNAT rules
on the sophos side i was able to create an snat rule
with severanl networks and hosts from our side and say sned them all down the tunnel behind 1 ip address in the range defined in the tunnel…
I have deployed an Active-Passive XG Firewall setup in AWS following the proper guide and have full routing and sorted out the health check on the load balancer for incoming services. One issue I am having is the incoming traffic is being NAT'd to the…
Hello Guys,
i have a brain lag with following situation,
I have a IPSEC to IPSEC (Site to Site) connection.
The other side need to connect or need access to our local ip adress 192.168.100.253. But they cant use this local subnet, because…
Hi,
I'm pretty sure that this question was already answered by someone, but I cannot find the answer in the forum or the knowledgbase. Please bear with me...
To my question...
I configured two policy based ipsec tunnels: Site C <10.3.0.0/24 = 192…
Hey All,
I was kinda wondering, I Sophos V17 you could select the NAT on the FW rule itself and that that's the route it would take
But now in V18 its separated, If you have one link can you add NAT rules on its own with no SD WAN routing would…
HI,
We have 3 ISP(ISP1, ISP2 and ISP3) connected to our firewall in our HQ. In our HQ we have at least 5 subnets. My question is can i let some subnet to utilize only ISP2 for internet, not just internet but fully utilize the link. The other link i…
Hi,
We have a head office site that connects to a 3rd party over a site to site vpn for a service that they offer. Their requirements are quite specific on the set up of the site to site vpn for subnets and translation.
Details are:
Office LAN…
Hello,
I guess its basics, however cannot understand why traffic for directly connected interfaces are getting source natted by wan public ip.
Set up is Sophos XG firewalls connected directly via HA DMZ interface and have assigned 10.238.238.0/30…
Hello,
I would like to change the Load Balling in my Firwall rule which has a migrated NAT rule.
In the NAT rule I cant ch age anything.
How can I chnage this?
Thank you!
Hello guys!
I would appreciate your help.
I installed XG (long time Home user of the UTM), latest version as of today (SFOS 18.5.2 MR-2-Build380)
My problem is that I want to access my cameras and I am creating a rule for the camera specific port…
Hello,
I read what MASQ is doing and it sounds like PAT to me.
Is there any difference between MASQ and PAT?
Because hiding inside network or device? PAT does the same thing.
Thank you.
Hello.
We have Wi-fi -> Access Point -> Router -> Sophos FW.
I just want to know is it possible to use DMZ without Masquerading? Because we need to actually control what kind of content each of the users access using the Sophos.
As you guys…
Hello, I have this situation:
Our network: ip 10.10.10.0/24
External parter A: ip 10.20.20.0/24 (managed on another firewall different from Sophos)
External Partnet B: ip 10.20.20.0/24 (same ip of partner A).
I have a vpn working with B and I…
I need 2 networks to talk with each other using 1 ip address. The 2 sites are physically connected with a Metro E (Dark fiber), this connection is a dedicated fiber between the 2 sites. Each site has its own network. Site A has the IP’s that Site B needs…
Hello,
How to create this UTM NAT rule in XG firewall?
Rule type: SNAT
For traffic from: LAN1
Using Service: Any
Going to: LAN2 (Network)
Change the source to : LAN2 (Address)
Change the service to: <blank>
Thanks in advanced
Hi Community,
I have the following question. I created a Policy Based Site2Site VPN Tunnel between two Sites on an Sophos XG Firewall Appliance (Site A). I do not have control over the remote location (Site B).
I have three local subnets on Site A…
Sir,
I have configured PortF1 for WAN Acees, which works perfectly fine with NATTING with our LAN and DMZ network. However I want to ctlreaye SSH acces from a WAN server to Two Serverd placed in DMZ.
If my WAN client is 155.48.96.59 and I want to…