Hi all, We're looking forward to implement a monitoring solution with CheckMK for our customers productions machines. The monitoring server will be on a cloud machine and it will need to access the customers machines through CheckMK TCP port and SNMP…

Hi there, I want to create a NAT Rule using Import/Export Feature. Actually it is not working, when Adapting existing rules. What needs to be done for the import to work? Didn´t find any related threads here... <NATRule transactionid=""> <Name…

We just got a sophos xgs 87 firewall for my company's branch office. My ISP gave me /30 WAN pool and /29 LAN pool, I configured one of the IPs in /30 pool to WAN port of sophos and ALIAS the IPs of /29 pool which I used for 1:1 NAT is configured. My branch…

Hi I already do a DNA for the WAN to LAN, but when i try to do it at LAN to LAN the servers inside the LAN sends the port its blocked, i try a lot of rules of nat, i want to map the port 3306 to the 3310 at one internal server thank you for…

Just a question here. I have a red device in a small office(lets call it 192.168.10.0). That red device is connected to an xgs firewall(firewall 1, 192.168.20.0), and this firewall has a vpn connection to firewall 2(192.168.30.0). The vpn only passes…

Hi, Iam currently setting up a ssl vpn to my server. Connection to server is success. I can ping and RDP. The problem is that for a certain software to run, i need to change my server private ip to the public ip.

Good afternoon All, I've been asking by our VOIP hosting service to enabled Consistent NAT on our Firewall XG. However I can't find out if that's possible nor how to do it. I have searched, and people mention it being available in V18, but nobody has…

hello community, i try to reach a device in a subnet A from another subnet B. problem1: the device in subnet A has no route to firewall (only local subnet with firewall). so i have to use masquerade to get reply packets. problem2: i have to use…

Hello, we use Microsoft Always On for all Home Office Users. The clients connect to a public IP of our XGS2100. The Firewall uses a symetric Fibre connection (100MBit) from German Telekom. XGS has NAT and forwarding rule to the internal RAS/VPN…

Hi all, sorry for the newbie question. I'm using UTM since decades and now with UTM EOL in 2026, I gave it a shot and tried to migrate to SFOS. Unfortunately it's not as intuative as UTM but I try to move everything over. One problem I encountered…

Hi, I ("Rule-Noob") need help with the definition of a NAT rule. We want to communicate with a power storage via Modbus TCP (E3DC storage). On the internal network it all works fine - however the storage drops any communication from another subnet.…

I have a problem where I am unable to ping google and it somehow seems as the firewall is missing a route back to my client. My client is inside a VLAN (172.16.87.99) and from the traffic below I can see that it correctly routes to the gateway address…

My goal is to install a telephony server in the LAN. This server must be accessible from the internet with a number of protocols here (PRO_Starface). To prepare this I created a NAT rule and a firewall rule to access this server from internet. Just…

Hi There, I’m new in the Sophos world and I have some trouble configuring 1to1 NAT. My case: XG115 Firewall (XG115 (SFOS 19.0.1 MR-1-Build365), 1 Server in the LAN (no DMZ), 1 public address for this Server. I want to access my Server from Internet…

When try to save NAT Configuration it is showing "Original and translated services don't match" and am not able to store that. Any idea why? What am doing wrong?

I recently moved the customer from Sonicwall to Sophos. The customer being a bank has a P2P connection with their ATM service provider. There are multiple resources on this P2P service and most have an IP binding configured. For most of them they have…

Hi, on XGS-136 when I use NAT rule wizard, it creates all needed rules + one not-needed Reflective rule. I don't really understand, what Reflective rule is and why is it needed. I usually only create DNST rules, from outside into LAN or DMZ, and local…

how can i forward traffic from lan 1 to lan 2 with nat ? i want all traffic (many networks ) forwarded from interface 1 (lan 1) to interface 4 (lan 2) to translate from the source network address to interface ip (interface 4)and pass to the internal…

Hi all, Semi-newcomer here, as I haven't used Sophos Firewall since XG 17.5. When it went EOL, I tried out pfSense for a short while before finally deciding to retire our old, but reliable UTM 110/120 appliance. The UTM 110/120 only has 2GB RAM, so…

Hello folks, Every time I need to create a NAT rule I must go back to the Sophos video that explains it. The reason - I can't remember it because it is so counter intuitive. I hope you can help me figuring out a few key moments. The video: 1) A…

Hello! So I'm trying to get a tricky NAT over IPSec tunnel set up based on the requirements from a vendor of ours. They only want to see traffic from and going to the following subnets: 1.1.2.192/28 1.1.4.48/28 1.1.8.48/28 So they want our internal private…

Greetings everyone! I run a few TP-Link Mesh wifi systems with my current UTM. It was an easy setup which required no firewall rules. We are moving to a new XGS firewall this month. Will my TP-Link wifi setup work fine with the new XGS firewall…

Hi All, I have Host (server) with wan IP 118.x.x.x How to I set this Host to specific WAN IP 219.x.x.x ? Do I need to create SNAT? Model: Sophos XG 330 with 18.5.3 firmware Thank you in advance

We have several IPSec Tunnel Interface tunnels VPNs with 3rd party where we provide a DNAT IP range. Recently we added a new VPN whose network overlaps with an existing VPN so we need to not only DNAT but also SNAT so that routing works properly and…

I have a need to isolate from a business network and wondered what capabilities the Sophos XG (18.5.3) has. In that, I've built rules for the following: Packet from 10.1.1.1 destined to a DMZ 192.168.1.1 address, nat out to business site address which…