Hello,
We switched my client over to a Sophos XG from an old Cisco Router. They have an IPSec tunnel to a Medical Network that hosts their Medical software/databases. The only thing I can't reproduce on the Sophos is below:
ip nat inside source static…
Hi Everyone,
First time posting so hoping I can get some clear direction on what to do based on others' experience. I know there are two possible ways to skin this cat.
We moved into a new office space, subleasing and along with that comes with a…
Hi
I'm having a hard time trying to configure a VPN Site-to-Site with the head office. We have the same local network. There we have a FortiGate. We were able to successfully connect the VPN. From there it is possible to ping and access my network but, from…
Hi folks. I'm a learning technician in Sophos XG and I need help with this request.
Actually we have a Sophos XG FW 18.0.1 and we have a software provider where we access a particular software in one server.
The service provider has allowed the traffic…
Hi,
We have a /28 public subnet. One IP is the default WAN IP, the others are added as aliases to the interface.
How can I make a rule that every outgoing traffic from a specific host or network is going out over a specific one of these alias IPs? …
We notice a strange routing decision of the XG to networks not routed by the XG itself.
This traffic is forwarded to an IP address I cannot find any routes to. Also the XG does not even have an IP address in the network range of that IP address.
If…
Hi. This is my first time configuring this. I am having some trouble with it. I tried to search on the forum but the one I found had pictures that do not work anymore. I have one public IP and want to direct it to 2 internal IP addresses with the same…
Hi All,
As support is continuously failing to support us, I am trying here.
We have a setup with a cluster of XG210's running 18.0 MR4. Since this implementation, we are regularly having issues with our customers PBX. Packets coming from the PBX…
I have an XG135 running (SFOS 18.0.1 MR-1-Build396) and I am currently failing Security Metrics PCI scan for the following:
I am trying to follow the KB Sophos has provided but in v18 DNAT and Firewalls are separated, and I can't seem to get everything…
Hi,
Today I upgraded a Sophos XG cluster from v18.0 MR 3 to v18.0 MR 4.
Everything looked fine, so I did a failover check. Afterwards, not all outgoing WAN connections were possible.
After some checks we recognized that the Appliance booted in the Failsafe…
The item src_trans_ip output to the log is incorrect, when using IPv6 Source NAT. src_trans_ip will have the same address as dst_ip. The real address after Source NAT is not logged. This issue was tested with SFOS 18.0.4. This is a bug, isn't it?
Hi,
Since upgrading to V18, where NAT and Firewalls have been separated, how would I be sure to fully block and drop malicious WAN address traffic from hitting our web facing services?
I have written a drop rule containing a list of IP Addresses…
I have only a WAN interface with multiple public IP addresses configured as alias IPs. So.. #PortB, #PortB:1, #PortB:2 etc...
All clients leave the internet via the default snat with the firewall public ip configured in port #PortB. I would like only an…
Hello Community,
I am currently trying to make my network reachable from outside. Since I have a DS-Lite tunnel, I have to do this over IPv6. My ISP assigns me a dynamic IPv6 prefix. Since I have no function…
Hello Forum! I have a little challenge here.
TL;DR: Translating WAN IPv6 to LAN IPv4.
I would like to make various services accessible via IPv4 and IPv6 from the WAN side. Internally in the LAN and DMZ I would like to continue working only with IPv4…
Hi Guys
Hoping someone can help me as I'm struggling a bit with V18 and the decoupling of NAT rules. I know it works as it's working on V17 without issue.
We have a vlan and within that vlan there is a device which requires WAN access. I have created…
I want IoT devices to use my internal DNS server. I set up a NAT rule to translate inbound DMZ interface to destination internal DNS server and I have a matching firewall rule but the traffic is getting dropped.
IoT device calls to 8.8.8.8 on Port 53…
Hi all,
I own an XG135 cluster, with some IPSEC VPNs to some external endpoint and an incoming SSL VPN; all works fine.
Now I'd like to give the SSL VPN access to the IPSEC tunnels and I thought to do that through a NAT (natting the exiting SSL…
Hi everyone,
I know the question may not be clear but here it is.
I have managed to get connectivity between the branch and HQ. I can ping and access devices on both sides.
The issue is, when VLAN551, which is the data VLAN, is on WAN, the Cisco…
Hi !
I'm quite new to XG Firewall. I've got the following Setup:
XG software-based setup on a PC with 2 LAN cards
Port 1 LAN with range from 192.168.1...
Port 2 WAN with static IP 192.168.3.... getting it from router LAN
Router with static IP address…
Ok, something that I've easily done many times on all of our UTMs. I have a new IPsec tunnel I built to a 3rd party. We are just accessing a single remote (198.0.0.2/32) host configured in the tunnel, but it needs to be accessed from 4 different hosts…
Say I want to filter outbound traffic from LAN to WAN with a bunch of different rules for all hosts, and do a separate SNAT policy for a specific LAN IP address. I create a bunch of outbound rules for the whole network, so I'll have to create another…
I'm in the process of setting up NAT for 61 new devices that must be monitored externally. The INTERNAL port for most of these devices is 80, but the EXTERNAL port must be 1000, 1001, 1002, etc. until they can each be reached. I have an XG310 (SFOS 16…
We have an XG firewall. We connect to the LAN with the SSL VPN client. That works so far. Now we have another port on the firewall on which the WLAN sits in a different subnet. The WLAN has no access to the LAN. In order to, from the…
I don't see the option on the Sophos XG to enable NAT traversal on a site-to-site VPN using IPsec, where one side will be behind a router doing NAT.
Is this enabled by default, or just not supported?