Hi guys, I’m trying to NAT (or DNAT) Single WAN with multiple ports to Internal LAN IPs. Just wondering what’s the best way to do it. Example: WAN 40.12.34.56:1000 to 192.168.1.5 WAN 40.12.34.56:2000 to 192.168.1.6 WAN 40.12.34.56:3000 to 192…

I have a Sophos UTM with v9.712-13. I understand from Rule #2 in " rulz " that DNAT is evaluated before the firewall rules: the connection tracker (conntrack) first then Country Blocking then the 'ICMP' tab in 'Firewall': Traceroute and Ping…

Dear all, I have two Sophos UTM units at two sites, both are currently behind NAT routers. Both sites have Static Public IPs, both sites use PPPOE to connect to the internet. The PPPOE in both cases is being handled by the NAT router rather than the…

Hello I want to know if it is possible to publish 3 ports (8000,3000,3001) of a server connected to a RED50 in standard/split mode. Currently it is working configuring the RED50 in standard/unified mode, but as all the traffic goes through the UTM Firewall…

Hello guys, I am trying to create a DNAT rule for a server based in a DMZ network. We have a wifi controller in the DMZ where Access Points from different onsite and offsite locations connect to through two different ports over WAN. I managed that…

I was created a Dnat rule it is working from outside (WAN), but it is not working from the inside (LAN)

Hi Everyone! Our development team uses Unlayer to bind pictures/images from one (source) website onto another (target) website via iframe. Unfortunately, Unlayer cannot work with source websites behind a Sophos UTM. Every other source works fine. …

Sophos XG Firewall WAF (webserver protection) Rule Protected Servers Selected hosts Here you can add multiple IP/Servers. If multiple IPs are added will WAF perform loadbalance or failover?

We recently changed ISPs and I haven't been able to renew the Let's Encrypt cert for UTM sophos.mydomain.com... i cloned all the rules and added new interfaces and the migration to new ISP went flawless. I have a NAT rule I turn on when it's time…

Hi, I'm using the UTM for many years now, but now I have a problem I got stuck.. The Environment: Site A (a rented Server): Small Server, virtual UTM (UTM A), many public IPs, fast Internetconnection Site B: big hardware UTM (UTM B)…

Dear Export. I'm new in handling Sophos Firewall and i hope i can get some advise. Below is the scenarios. Background Web user connect to webmail server via port forwarding. Port forwarding from example Port:12345 to Port:80 Issue …

Hi I am new to Sophos UTM and figuring my way around setting things up. So far everything is working fine. However I ran into couple of scenarios, that I am not able to figure out why, how etc. Any help would be appreciated. My Setup: Linux Machine…

Hi, I've configured destination NAT on Sophos UTM9 on public interface IP:3389->Local_ip:3389 In firewall live logging i see entries like this Occasionally someone is sending SYN request and nothing more (this is what live log shows) By the…

Evening All, Slight bit of a noob with the Sophos UTM so please bare with me, as i could be doing something completely backwards. So I have a Sophos SG550 UTM 9 Device, and i'm wanting to pass traffic through from Symantec messagelabs to my Internal…

Hi I'm running ASG software UTM v9.411 which is installed as a backend proxy. UTM has internal and DMZ interfaces and edge firewall NATs public facing IPs through to UTM DMZ interface additional IPs for my WAF standard HTTP/S webserver rules which are…

I have been reading through Rulz and this earlier post trying to get my blackhole/null route working with DNAT since my firewall rules were not (as explained by Rulz). From the latter link, BAlfson said the following is a valid DNAT configuration: …

We have a phone server on the internal network that is configured to accept inbound connections on a particular external IP. Apparently this server is restricted to only accept connections from 1 external IP at any given time. As we are migrating to…

Hey there, we used a mail server behind the sophos with a specific domain. The domain pointed to one of our Interfaces. We used a DNAT-Rule to redirect all mail specific traffic on this interface to the mail server. It worked fine. Now i needed to…

Hi all, I'm trying to replace my old TMG with my SG210, the problem is when I create a new rule, it doesn't work. I noticed that my LAN can't access internet even with the firewall rule "Any-Any-Any" so I had to create a NAT rule to make this happen…

Hello, We are having several customers that they host their solutions to our data center. Until now each customer had their own firewall and their own IP range. With the current configuration we used a different firewall brand for each customer. Each…

Good Morning, Evening or Afternoon I'm playing around with UTM9 for about a week now but I didn't figure out how to allow my synology diskstation to access the internet. I wanted to allow: the system to check for updates and download them, the package…

I've currently got a BT Home Hub providing routing on 192.168.1.x, I've connected my Sophos UTM to a LAN port, which in turn is providing routing/firewall on 192.168.2.x. I know this causes double NAT and I've not had any problems using the internet,…

First off, hello to the forums, I'm a Sophos Certified UTM architect and this one has me a bit stymied and I'd love some input. This is on my personal UTM running as a VM inside a windows server 2012 r2 data center tower the data center box also hosts…

Here is a step by step help article on how to do a port translation in a SOPHOS UTM 9 for RDP Step 1: Log into your SOPHOS UTM 9 appliance and go to "Definitions & Users" Step 2: Click on "Network Definitions" Step 3: Click "New Network…

Hi guys, Hope this finds you well, I'm having issues configuring a DNAT correctly. The end goal is to create a full tunnel SSL VPN profile that has access out to the internet only, denying all connections to the local network. This topic has…