Sophos Firewall is NOT very intuitive so far. Nothing inbound works...but the default rules to let everything outbound does. So figured id ask the community. I've reverted to the simplest test I can think of....Port forward ICMP from WAN to a LAN workstation…

2023-11-28 21:19:50Firewallmessageid="00001" log_type="Firewall" log_component="Firewall Rule" log_subtype="Allowed" status="Allow" con_duration="134" fw_rule_id="62" fw_rule_name="DNAT to Spiderman (IPv6)" fw_rule_section="Local rule" nat_rule_id="4…

NAT rule is not working. Tried both ways (DNAT / Firewall+NAT Rule). My WAN interface named BSNL and LAN interface is on Port #8..

Hello guys, Im struggling on this case: I want to open port ( 37777/tcp ) to get acess CCTV from exterior like a phone, tablet or computer. This acess is from Public IP ( WAN ) so i create the service ( print1 ) After that i create firewall…

Hi I finally setup my sophos XG 106 I have a WAN/LAN/DMZ and WiFi Zone. WAN use PPPoe Passthrough In the DMZ zone I'm currently running an docker host with some container. I created a DNAT rule to access one of the container running on Port…

Good Day, Could anyone assist me? I have created a VLAN for CCTV to sperate from the company network. Want to allow the CCTV to be connecting from the WAN Port from our ISP to use the Public IP so that we can monitor the CCTV remotely without VPN…

Hi I have a XG and im trying to get 3CX working correctly. I have nat and firewall rules set but when i run a test from 3cx I'm getting the full cone error i cant see what I'm missing

XGS136/ SFOS 19.5.2 MR-2-Build624 DNAT rule for on-prem mail server does NOT have email scanning turned on. Microsoft 365 Exchange Online Protection (EOP) is the spam filter. When I send an email to a distribution list of about 35 members from an…

Hello! I got IPSec Tunel between this two networks: 192.168.5.0 192.168.38.0 On this network ( 192.168.5.0 ) i got 3 Servers one of them is 192.168.5.2 and i can ping everything between this networks. If i create DNAT of this server…

We have an application running on a machine that has the ability to be connected through outside networks through port 47808. As I have had no luck I have made the rule as open as possible with no luck. The firewall rule has Source Zone and Source Network…

I have using third party DNS provided to point my web server domain to specify public IP. Currently, all setting is in Peplink and i want to remove it. When remove Peplink and direct plug my internet line to sophos, I cannot access my web server from…

I am trying to translate destination addresses from 192.168.0.0/16 network to 172.16.0.0/16 network with one-to-one natting. I am getting an error saying "Protected application server on IPV4 cannot be bound with non-HTTP-based policy with IP range more…

Hi There, Recently switched over from a Draytek that had very basic PFW functionality and I've managed to get everything else working for my internal VOIP phone, but unable to get my plex port forwarding to work. For context, I use unraid to host…

Hi all, XGS 19.5.2: I did that a couple of times: I have a Problem with Port Publishing when using different ports (externally 2100, internally forwarded to 22). I define an access rule from WAN to LAN on Port 2100. OK. I define a D-NAT rule…

Hello, I got a IPSEC VPN from my sophos xg to remote firewall. Many subnet from my side are nated dynamiclaly with 172.30.10.0/24 to reach different subnet on the other side. Like (192.168.1.0/24 , 192.168.2.0/24 ...are nated with 172.30.10.0/24…

Hello Am new to Sophos and I have tried to do some configurations but am not successful yet I have a server that I have connected to DMZ(SERVER uses a public IP) WAN is Public IP the challenge is that i cant ping the Server from WAN yet i can…

Greetings, we are hosting an internal web app and it requires google FCM services to be opened and working. i have created a DMZ DNAT rule for mentioned FCM ports, but still i am not able to get those notification messages delivered through sophos XG…

I HAVE A WEBSITE ON MY LOCAL SERVER 172.16.1.1 port 80 , and it's working when i try to access it from the internet but only with http ; when i choose https 443 it shows an eeror msg 'this webisite is unsecure click on link to proceed " ; so i brought…

I'm migrating to an XGS136 (SFOS 19.5.1 MR-1-Build278). The old firewall published LDAPS on 2 DCs to a specific WAN server that needs to do LDAPS lookups for AD integration. The destination device was set to an FQDN object corresponding to the internal…

Hi All, I am new to Sophos XG coming from pfsense and have to say I will be staying, great NGFW. I have a slight issue though, one which I am sure is simple to solve. I have used the server access assistant (DNAT) to create a port forward rule from…

hi all, got a DNAT like below, blanked the fields out due to privacy do i need to change my inbound interface and outbound interface to the correct ISP as i have two ISPs, so it could be going out wrong ISP, or will it pick the right ISP to go out…

I need a help. I made a DNAT configuration on our sophos XG 210, to able to access some service on our network but until now, when i try to check if the port is open or not, still closed and service not work externally, using public ip. screenshot…

Good Afternoon, I need some advice on how to best setup my firewall for Github Webhook forwarding to a Jenkins web-server. - My Sophos: SFVH (SFOS 19.5.1 MR-1-Build278) I have tested the following request successfully, in triggering a jenkins…

al crear la regla con el redireccionamiento hacia el puerto de la pagina este no lo realiza correctamente, aparece un error Bad Request Your browser sent a request that this server could not understand. Reason: You're speaking plain HTTP to an SSL…

I need to setup port forwarding to send traffic going to my wan interface on port 444 to an internal server on prt 443, i hav etried every ttorial i can fid on the internet and nothing seems to work. can anyone suggest a tutorial that works and is…