
Block a specific network for a NAT rule

Hi,

We have created a NAT rule for a specific internal server. I want to block some internal ranges to this NAT rule (with the Firewall, not the server). I can't seem to get this working. Any ideas how to block an internal network to the server behind the NAT rule?

So my internal address 172.16.10.0/24 can't access the external IP x.x.x.x which leads to internal server 172.16.11.1. Other IPs (internet) or internal subnets should be allowed.



This thread was automatically locked due to age.
  • Good work.  I don't see how that would allow internal traffic to reach server "0" though.  I see you have logging selected.  Are you seeing traffic from 172.16.10.0/24 going to server "0" as a result of this NAT in the firewall log?

    Also, see #2 in Rulz (last updated 2021-02-16).

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA