
Sophos UTM9 NAT Method

Hi everyone,

I'm thinking about buying a Sophos UTM9 appliance and I wanted to know which method of NAT it is using (Full-Cone, Symmetric, Restricted-Cone or Port-Restricted Cone).

Sadly I didn't find any information on this topic.

Can someone tell me which method is being used?



This thread was automatically locked due to age.
  • ... And then there is also "Masquerading"

    Masquerading

    Masquerading is a special case of Source Network Address Translation (SNAT) and allows you to masquerade an internal network (typically, your LAN with private address space) behind a single, official IP address on a network interface (typically, your external interface connected to the Internet). SNAT is more generic as it allows you to map multiple source addresses to several destination addresses.

    Note – The source address is only translated if the packet leaves the gateway system via the specified interface. Note further that the new source address is always the current IP address of that interface (meaning that this address can be dynamic).

    To create a masquerading rule, proceed as follows:

    1. On the Masquerading tab, click New Masquerading Rule.

      The Add Masquerading Rule dialog box opens.

    2. Make the following settings:

      Network: Select the (internal) network you want to masquerade.

      Position: The position number, defining the priority of the rule. Lower numbers have higher priority. Rules are matched in ascending order. Once a rule has matched, rules with a higher number will not be evaluated anymore.

      Interface: Select the (external) interface that is connected to the Internet.

      Use address: If the interface you selected has more than one IP address assigned (see Interfaces & Routing > Interfaces > Additional Addresses), you can define here which IP address is to be used for masquerading.

      Comment (optional): Add a description or other information.

    3. Click Save.

      The new masquerading rule appears on the Masquerading rule list.

    4. Enable the masquerading rule.

      Click the toggle switch to activate the masquerading rule.

    To either edit or delete a rule, click the corresponding buttons.

    Note – You need to allow traffic from the internal network to the Internet in the firewall if you want your clients to access external servers.

    IPsec packets are never affected by masquerading rules. To translate the source address of IPsec packets create an SNAT or Full NAT rule.

    Kind regards, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • Hello Mr. Rusch,

    thank you for your answers.

    My question was not really about how to create the NAT rules.

    The problem is that I use several applications that do not work with symmetric NAT, i.e. endpoint-dependent mapping. That is why I wanted to ask whether the Sophos uses this NAT method, since I found nothing about it online.

  • Hello,

    that was the quickest way to show which options the UTM offers when creating NAT rules.

    Throwing terms around does not help here; every vendor understands something different by them. For example Cisco or HP.

    But since the UTM uses a Linux kernel, I do not understand the problem.

    Kind regards, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.
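
Added example, not part of the thread and not Sophos code: since the question is whether a gateway uses endpoint-dependent ("symmetric") mapping, one vendor-neutral way to answer it is to send from a single internal socket to several echo/STUN-style servers and compare the external address each one reports, using the RFC 4787 mapping categories. The function name, the observation format and the sample probes are assumptions constructed for illustration; they say nothing about what the UTM actually does.

```python
from collections import defaultdict

def _ip(endpoint):
    return endpoint.rsplit(":", 1)[0]

def classify_mapping(observations):
    """Map each internal socket to its RFC 4787 mapping behaviour.
    observations: (internal_src, destination, mapped_external) "ip:port" strings."""
    by_src = defaultdict(list)
    for src, dst, mapped in observations:
        by_src[src].append((dst, mapped))
    verdicts = {}
    for src, seen in by_src.items():
        per_ip_maps = defaultdict(set)   # dest IP -> external mappings seen
        per_ip_ports = defaultdict(set)  # dest IP -> dest endpoints probed
        for dst, mapped in seen:
            per_ip_maps[_ip(dst)].add(mapped)
            per_ip_ports[_ip(dst)].add(dst)
        all_maps = {m for _, m in seen}
        multi_port = any(len(p) > 1 for p in per_ip_ports.values())
        if len(per_ip_maps) < 2:
            verdicts[src] = "inconclusive: probe at least two destination IPs"
        elif len(all_maps) == 1:
            # One external port reused for every destination (the mapping
            # shared by full-cone, restricted and port-restricted cone NAT).
            verdicts[src] = "endpoint-independent"
        elif any(len(m) > 1 for m in per_ip_maps.values()):
            # Mapping changes even between ports of one host: "symmetric".
            verdicts[src] = "address-and-port-dependent"
        elif multi_port:
            verdicts[src] = "address-dependent"
        else:
            verdicts[src] = "endpoint-dependent (probe two ports on one IP to refine)"
    return verdicts

# Constructed sample probes (RFC 5737 documentation addresses).
SAMPLE = [
    ("10.0.0.5:40000", "192.0.2.10:3478", "203.0.113.7:40000"),
    ("10.0.0.5:40000", "192.0.2.10:3479", "203.0.113.7:40000"),
    ("10.0.0.5:40000", "198.51.100.20:3478", "203.0.113.7:40000"),
    ("10.0.0.6:50000", "192.0.2.10:3478", "203.0.113.7:1024"),
    ("10.0.0.6:50000", "192.0.2.10:3479", "203.0.113.7:1025"),
    ("10.0.0.6:50000", "198.51.100.20:3478", "203.0.113.7:1026"),
]

if __name__ == "__main__":
    for sock, verdict in classify_mapping(SAMPLE).items():
        print(sock, "->", verdict)
```

The cone variants differ only in inbound filtering, so this mapping test cannot tell full-cone from restricted or port-restricted cone; that needs a separate filtering probe.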