We have several IPSec Tunnel Interface tunnels VPNs with 3rd party where we provide a DNAT IP range. Recently we added a new VPN whose network overlaps with an existing VPN so we need to not only DNAT but also SNAT so that routing works properly and…

I have a need to isolate from a business network and wondered what capabilities the Sophos XG (18.5.3) has. In that, I've built rules for the following: Packet from 10.1.1.1 destined to a DMZ 192.168.1.1 address, nat out to business site address which…

Hi folks, I have the following problem: I have an icinga 2 running in my network and I want it to ping a remote network via S2S. This does work, but as soon as i create a DNAT with HTTP and HTTPS to my icinga, it stops working. What i tried: …

Our XG 19 has 2 ISP links. I created a NAT policy though the wizard which allows reaching a server on the LAN. this NAT policy is set to be available only on ISP1 - FiOS I also created an SD WAN policy for outbount connections to select ISP based…

v18 newbie here. in earlier version 17, there was only the firewall rules for all connection types. In 18, have to create nat rules too. There is no usage count on some of my migrated after 2 weeks from upgrade. Lan to lan communication requests…

Attached screenshot from UTM NAT rules. how to configure those nat rule on XG.

Hello all I want to create NAT + Access rules for DNS and NTP so any UDP 53 and UDP 123 traffic targetted for WAN gets redirected to internal servers. Can anyone suggest how that can be achieved? Thanks A

We have some internal servers on which we have configured NAT rules to expose them to internet via dedicated WAN IPs for each server. We are able to connect to the servers from WAN without any issues. But we are unable to connect from one server to…

After updating from SFOS 18.5.3 MR-3-Build408 to SFOS 19.0.0 GA-Build317 I started getting complaints of services not working, they depend either on outbound firewall rules or inbound DNAT rules. The first failure to be reported was VoIP, oddly enough…

The equipment that connects to the top or bottom of the firewall has changed. At this time, the snat or dnat policy set on the device is not applied. You have to turn off the policy and then turn it on for it to work properly. XG430 (SFOS 17.0…

Dears, I Have firewall SOPOHS XG230. I have two gateway to internet. when do rule LAN to WAN and select nat rule MASQ to access intenet. I want change internet gateway for some LAN's IP, how i can do it? some LAN access intenet from GW1 …

I am not sure if I always need NAT. Sometimes I do and sometimes I don't. My latest issue was two VLAN networks hanging off the LAN interface of the Sophos XG. I had the correct firewall rules in place but I couldn't get traffic to flow until I created…

Hey All, I was kinda wondering, I Sophos V17 you could select the NAT on the FW rule itself and that that's the route it would take But now in V18 its separated, If you have one link can you add NAT rules on its own with no SD WAN routing would…

HI, We have 3 ISP(ISP1, ISP2 and ISP3) connected to our firewall in our HQ. In our HQ we have at least 5 subnets. My question is can i let some subnet to utilize only ISP2 for internet, not just internet but fully utilize the link. The other link i…

Hello, I guess its basics, however cannot understand why traffic for directly connected interfaces are getting source natted by wan public ip. Set up is Sophos XG firewalls connected directly via HA DMZ interface and have assigned 10.238.238.0/30…

Hello, I would like to change the Load Balling in my Firwall rule which has a migrated NAT rule. In the NAT rule I cant ch age anything. How can I chnage this? Thank you!

Hello guys! I would appreciate your help. I installed XG (long time Home user of the UTM), latest version as of today (SFOS 18.5.2 MR-2-Build380) My problem is that I want to access my cameras and I am creating a rule for the camera specific port…

Hello, I read what MASQ is doing and it sounds like PAT to me. Is there any difference between MASQ and PAT? Because hiding inside network or device? PAT does the same thing. Thank you.

Hi Team, How do I NAT or PAT to a hostname instead of an ip address? #Nali

Nat issue

Hello. We have Wi-fi -> Access Point -> Router -> Sophos FW. I just want to know is it possible to use DMZ without Masquerading? Because we need to actually control what kind of content each of the users access using the Sophos. As you guys…

SOPHOS XG 125 How to create a Migrated IPv4 SD-WAN policy route and show it in the SD-WAN policy routing, and please answer with pictures .. Thank you

Hello, I have this situation: Our network: ip 10.10.10.0/24 External parter A: ip 10.20.20.0/24 (managed on another firewall different from Sophos) External Partnet B: ip 10.20.20.0/24 (same ip of partner A). I have a vpn working with B and I…

I need 2 networks to talk with each other using 1 ip address. The 2 sites are physically connected with a Metro E (Dark fiber), this connection is a dedicated fiber between the 2 sites. Each site has its own network. Site A has the IP’s that Site B needs…

Hello, How to create this UTM NAT rule in XG firewall? Rule type: SNAT For traffic from: LAN1 Using Service: Any Going to: LAN2 (Network) Change the source to : LAN2 (Address) Change the service to: <blank> Thanks in advanced