• NAT IP addresses coming in the IPSec VPN to local IP addresses

    Matt Haynes
    Hello, We switched my client over to a Sophos XG from an old Cisco Router. They have an IPSec tunnel to a Medical Network that hosts their Medical software/databases. The only thing I can't reproduce on the Sophos is below: ip nat inside source static…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • Sophos XG inline after Ubiquiti USG Pro

    George Kostopoulos
    Hi Everyone, First time posting so hoping I can get some clear direction on what to do based on others' experience, I know there's two possible ways to skin this cat. We moved into a new office space, subleasing and along with that comes with a…
    • Answered
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • XG IPSEC Site-to-Site NAT

    Maurilio Senra1
    Hi I'm having a hard time trying to configure a VPN Site-to-Site with the head office. We have the same local network. There we have a FortiGate. We were able to successfully connect the VPN. From there it is possible to ping and access my network but, from…
    • Answered
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • SSL VPN outbound IP from WAN from external locations

    Nelson Eli Gutierrez Prieto
    Hi folks. I'm a learning Technician in Sophos XG and I need help with this request. Actually we have a Sophos XG FW 18.0.1 and we have a software provider where we access a particular software in one server. The service provider has allowed the traffic…
    • Answered
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • Traffic from and to one Host (or Network) over a specific Alias WAN IP

    Daniel79
    Hi, we have a /28 public subnet. One IP is the default WAN IP, the others are added as Alias to the Interface. How can I make a rule that every outgoing traffic from a specific host or network is going out over one specific of these alias IPs? …
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • unclear XG routing decision

    LHerzog
    We notice a strange routing decision of the XG to networks not routed by the XG itself. This traffic is forwarded to an IP address I cannot find any routes to. Also the XG does not even have an IP address in the network range of that IP address. If…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • Issues creating PAT

    Justin Gallos
    Hi. This is my first time configuring this. I am having some trouble with it. I tried to search on the forum but the one I found had pictures that do not work anymore. I have one public IP and want to direct it to 2 internal IP addresses with the same…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • mr4 SNAT -> traffic is lost suddenly

    BasSanders
    Hi All, As support is continuously failing to support us I am trying here. We have a setup with a cluster of XG210's running 18.0 MR4. Since this implementation, we are regularly having issues with our customers PBX. Packets coming from the PBX…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • RED configuration for PCI DSS compliance v18 DNAT

    Brandon McGouldrick
    I have an XG135 running (SFOS 18.0.1 MR-1-Build396) and I am currently failing Security Metrics PCI scan for the following: I am trying to follow the KB Sophos has provided but in v18 DNAT and Firewalls are separated, and I can't seem to get everything…
    • Answered
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • After Upgrade to v18.0 MR4 Auxiliary Appliances boots in Failsafe Mode - Reason "Unable to apply NAT Rules"

    Gordon Leisering
    Hi, today I upgraded a Sophos XG Cluster from v18.0 MR 3 to v18.0 MR 4. Everything looked fine, so I did a Failover check. Afterwards not all outgoing WAN Connection possible. After some checks we recognized that the Appliance booted in the Failsafe…
    • Answered
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • Unable to check the address used in IPv6 NAT log.

    core_memory
    The item src_trans_ip output to the log is incorrect, when using IPv6 Source NAT. src_trans_ip will have the same address as dst_ip. The real address after Source NAT is not logged. This issue was tested with SFOS 18.0.4. This is a bug, isn't it?
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • How to fully block/drop packets from a malicious WAN address?

    CraigLloyd
    Hi, Since upgrading to V18 where NAT and Firewalls have been separated. How would I be sure to fully block and Drop a malicious WAN address traffic from hitting our web facing services? I have written a drop rule containing a list of IP Addresses…
    • Answered
    • over 4 years ago
    • Sophos Firewall
    • Discussions
  • XG 18. snat binding to specific public ip

    Luc_GLLM
    I have only WAN interface with multiple public IP address configured as an alias IP. So.. #PortB, #PortB:1, #PortB:2 etc... All clients leave the internet via the default snat with the firewall public IP configured in port #PortB. I would like only an…
    • Answered
    • over 4 years ago
    • Sophos Firewall
    • Discussions
  • Server access via IPv6 DNAT does not work

    Moritz Wiesenmaier
    Hello community, I am currently trying to make my network reachable from outside. Since I have a DS-Lite tunnel, I have to do this over IPv6. My ISP assigns me a dynamic IPv6 prefix. Da ich keine Funktion…
    • over 4 years ago
    • Sophos Firewall
    • Discussions
  • WAN IPv6 to DMZ/LAN IPv4

    EGT
    Hello Forum! I have a little challenge here. TL;DR: Translating WAN IPv6 to LAN IPv4. I would like to make various services accessible via IPv4 and IPv6 from the WAN side. Internally in the LAN and DMZ I would like to continue working only with IPv4…
    • over 4 years ago
    • Sophos Firewall
    • Discussions
  • Version 18 and the NAT Rules

    Alex Harding1
    Hi Guys Hoping someone can help me as I'm struggling a bit with V18 and the decoupling of NAT rules. I know it works as it's working on V17 without issue. We have a vlan and within that vlan there is a device which requires WAN access. I have created…
    • Answered
    • over 4 years ago
    • Sophos Firewall
    • Discussions
  • NAT DNS Service to LAN address

    Brian Thill
    I want IoT devices to use my internal DNS server. I set up a NAT rule to translate inbound DMZ interface to destination internal DNS server and I have a matching firewall rule but the traffic is getting dropped. IoT device calls to 8.8.8.8 on Port 53…
    • Answered
    • over 4 years ago
    • Sophos Firewall
    • Discussions
  • NAT between IPSEC and SSL VPN

    Developers VerticalBooking
    Hi all, I own an XG135 cluster, with some IPSEC VPNs to some external endpoint and an incoming SSL VPN; all works fine. Now I'd like to give to the SSL VPN an access to the IPSEC tunnels and I thought to do that through a NAT (natting the exiting SSL…
    • over 4 years ago
    • Sophos Firewall
    • Discussions
  • Cannot reach Gateway when VLAN is on LAN on Sophos XG

    Jonathan Nali
    Hi everyone, I know the question may not be clear but here it is. I have managed to get connectivity between the branch and HQ. I can ping and access devices on both sides. The issue is, when VLAN551, which is the data vlan, is on WAN, the cisco…
    • over 4 years ago
    • Sophos Firewall
    • Discussions
  • Setup Question LAN/WAN VPN

    Hinze
    Hi! I'm quite new to XG Firewall. I've got the following Setup: XG software-based setup on 2 Lan Card PC Port 1 LAN with Range from 192.168.1... Port 2 WAN with Static IP 192.168.3.... getting it from Router LAN Router with static IP Address…
    • Answered
    • over 6 years ago
    • Sophos Firewall
    • Discussions
  • IPSEC - Masquerade/NAT 4 Hosts Behind Peer IP

    NateP
    Ok, something that I've easily done many times on all of our UTMs. I have a new IPsec tunnel I built to a 3rd party. We are just accessing a single remote (198.0.0.2/32) host configured in the tunnel, but it needs to be accessed from 4 different hosts…
    • over 6 years ago
    • Sophos Firewall
    • Discussions
  • Creating SNAT policies increases the count of firewall rules exponentially. Is there any way around this?

    Matti Taina
    Say I want to filter outbound traffic from LAN to WAN with a bunch of different rules for all hosts, and do a separate SNAT policy for a specific LAN IP address. I create a bunch of outbound rules for the whole network, so I'll have to create another…
    • over 6 years ago
    • Sophos Firewall
    • Discussions
  • 61 Internal devices, same internal port, external port +1 each time.

    Bradley Shaner
    I'm in the process of setting up NAT for 61 new devices that must be monitored externally. The INTERNAL port for most of these devices is 80, but the EXTERNAL port must be 1000, 1001, 1002, etc until they can each be reached. I have an XG310 (SFOS 16…
    • over 6 years ago
    • Sophos Firewall
    • Discussions
  • VPN connection from WLAN into the LAN

    Marcel Ruch
    We have an XG firewall. We connect to the LAN with the SSL VPN client. That works so far. Now we have another port on the firewall on which the WLAN is located in a different subnet. The WLAN has no access to the LAN. Um vom…
    • over 6 years ago
    • Sophos Firewall
    • Discussions
  • Does XG site to site IPsec VPN support NAT traversal

    Stephen Wratten
    I don't see the option on the Sophos XG to enable NAT traversal on a site to site VPN using IPsec, where one side will be behind a router doing NAT. Is this enabled by default, or just not supported?
    • over 6 years ago
    • Sophos Firewall
    • Discussions