
NPS logs UTM as connection source after DNAT

Unless I'm mistaken, a typical DNAT rule meant to expose an internal service to the outside world should forward a packet coming from the internet to a target server (changing only the destination, hence D in the DNAT).

Now, as is, we have the following kind of setup.

Internet -> Sophos UTM -(DNAT,443)> Windows SSTP server -(RADIUS)> Windows NPS server

In other words, our UTM forwards TCP 443 connections from a specific IP to our SSTP server (I'd love to use the Webserver Protection, but AFAIK it's not supported for SSTP). Our SSTP then connects to our NPS to authenticate the connection request. However, the NPS logs seem to indicate the requests are coming not from some online IP, but all have the UTM's IP.

The DNAT rule in question is as follows:

Matching Condition
- For traffic from: Internet IPv4
- Using service: HTTPS
- Going to: public facing IP
Action
- Change the destination to: Availability group with our 2 VPN hosts

I know it's probably a long shot but... any idea why the logs might be showing Sophos as the source?



  • Change the Source to the (Address) of the interface to which the Windows SSTP server is connected.  That way, the UTM's connection tracker will "see" the response and route it back to the client on the Internet.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
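The trade-off behind the reply above, as an added example that is not part of the original thread and not Sophos code: a small Python model of a stateful NAT with the thread's topology (all addresses are constructed). With only the destination changed, the SSTP host and hence NPS see the real client address, but the reply must come back through the UTM or the connection tracker never matches it; with the source changed as well, the reply always returns, but every connection is logged as the UTM's interface address.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed addresses for the thread's topology (assumptions, not from the post).
CLIENT = "198.51.100.7"                  # client somewhere on the Internet
PUBLIC_IP = "203.0.113.10"               # UTM's public-facing IP (DNAT match)
UTM_INTERNAL = "10.0.0.1"                # UTM interface facing the SSTP hosts
VPN_HOSTS = ["10.0.0.21", "10.0.0.22"]   # the availability group

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    sport: int = 50000

class NatGateway:
    """Stateful DNAT of inbound HTTPS to an SSTP host, optionally rewriting the source too."""
    def __init__(self, change_source: bool):
        self.change_source = change_source
        self.conntrack = {}  # (host, translated src, client port) -> original packet

    def inbound(self, pkt: Packet) -> Packet:
        if pkt.dst != PUBLIC_IP or pkt.dport != 443:
            raise ValueError("no DNAT rule matches this packet")
        host = VPN_HOSTS[sum(map(int, pkt.src.split("."))) % len(VPN_HOSTS)]
        src = UTM_INTERNAL if self.change_source else pkt.src
        out = Packet(src=src, dst=host, dport=443, sport=pkt.sport)
        self.conntrack[(out.dst, out.src, out.sport)] = pkt
        return out

    def reply(self, pkt: Packet) -> Optional[Packet]:
        """Untranslate a host reply, or None if the tracker never saw this flow's reply."""
        orig = self.conntrack.get((pkt.src, pkt.dst, pkt.dport))
        if orig is None:
            return None
        return Packet(src=PUBLIC_IP, dst=orig.src, dport=orig.sport, sport=443)

def simulate(change_source: bool, host_default_gw: str) -> dict:
    """One client->SSTP exchange: what the host (and NPS) logs, and whether the reply returns."""
    utm = NatGateway(change_source)
    fwd = utm.inbound(Packet(src=CLIENT, dst=PUBLIC_IP, dport=443))
    reply = Packet(src=fwd.dst, dst=fwd.src, dport=fwd.sport, sport=443)
    # A reply to an address on the host's own subnet goes straight to the UTM interface;
    # a reply to an Internet address follows the host's default gateway, which may not be the UTM.
    next_hop = UTM_INTERNAL if reply.dst.startswith("10.0.0.") else host_default_gw
    back = utm.reply(reply) if next_hop == UTM_INTERNAL else None
    return {"logged_source": fwd.src, "reply_reaches_client": back is not None and back.dst == CLIENT}
```

Once the source is rewritten, the UTM's own connection log is the only record of the original client address, so NPS events have to be correlated with it by time and port rather than read on their own.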