This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

netwerk rang

we have a DNAT rule that allow access to one of our internal servers .

the access to the internal sever is limited to a external location. i did add the ip rang of customer as a network rang with /28 subnet so we dont need to add all of the 16 ip address. but now customer cannot access the internal server until we add thier gateway ip as single ip to DNAT rule

the gateway addres is in the ip rang of /28 that we have already added.

any idea why the subnet rang does not works?

Thanks

This thread was automatically locked due to age.

Parents

0 sachingurung over 7 years ago

Hi Aresh,

This can be either a single host or an entire network, or, except for the 1:1 NAT rule type, a network range.

Thanks

Sachin Gurung
Team Lead | Sophos Technical Support
Knowledge Base | @SophosSupport | Video tutorials
Remember to like a post. If a post (on a question thread) solves your question use the 'This helped me' link.
Cancel
Vote Up 0 Vote Down

Cancel
0 AreshAreshi over 7 years ago in reply to sachingurung

Hi sachingurung,

Thanks for reply

We did add the entire network of the customer to the DNAT rule but customer cannnot access the internal server, only when we add thier gatweway address as single host they can access tthe int server.

Thanks
Cancel
Vote Up 0 Vote Down

Cancel
0 sachingurung over 7 years ago in reply to AreshAreshi

Could you PM me the screenshots of the configuration and TCPdump captures from the destination IP address. I want to see if the packets actually reaches to the UTM. Parallel to the dumps capture packetfilter.log to verify if the traffic from the destination IP address is dropped.

Thanks

Sachin Gurung
Team Lead | Sophos Technical Support
Knowledge Base | @SophosSupport | Video tutorials
Remember to like a post. If a post (on a question thread) solves your question use the 'This helped me' link.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 sachingurung over 7 years ago in reply to AreshAreshi

Could you PM me the screenshots of the configuration and TCPdump captures from the destination IP address. I want to see if the packets actually reaches to the UTM. Parallel to the dumps capture packetfilter.log to verify if the traffic from the destination IP address is dropped.

Thanks

Sachin Gurung
Team Lead | Sophos Technical Support
Knowledge Base | @SophosSupport | Video tutorials
Remember to like a post. If a post (on a question thread) solves your question use the 'This helped me' link.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 AreshAreshi over 7 years ago in reply to sachingurung

hi

I send u screensot of the configurattion

when we remove the single ip from the the network group customer cannot access the server even when the the network range of customer is added to the group.

I did check the firewall log and see some drop from the customer gateway address , send u that log entry as well

thanks
Cancel
Vote Up 0 Vote Down

Cancel
0 AreshAreshi over 7 years ago in reply to sachingurung

I will try the range instead of network and see if that works.

regarding the drop connection I am sure there is no problem with the DNAT and is configerd correctly.

Thanks
Cancel
Vote Up 0 Vote Down

Cancel