
Let's Encrypt - Default Drop when NAT to internal

We recently changed ISPs and I haven't been able to renew the Let's Encrypt cert for UTM sophos.mydomain.com... I cloned all the rules and added new interfaces, and the migration to the new ISP went flawlessly.

I have a NAT rule I turn on when it's time to renew the LE cert:

DNAT [Sophos SSL Let's Encrypt Renewals]
Traffic selector: Any → HTTP (80) → External [Sophos] (Address)
Destination translation: Internal (Address)
Automatic Firewall rule: Checked

Using Port Query, I can see it is applying NAT to the External IP; however, it is dropping access to the internal destination on port 80.

14:41:29  NAT rule #1   TCP  My.remote.IP:10664 → External [Sophos] (Address):80  [SYN]  len=52  ttl=115  tos=0x00
14:41:29  Default DROP  TCP  My.remote.IP:10664 → 192.168.1.1:80  [SYN]  len=52  ttl=115  tos=0x00

Any idea why it would be dropping the internal address?

Sophos UTM 9.703-3

Appreciate the help!


