Publishing internal server (web, SSH) to the internet behind RED50 Standard/Split

Hello

I want to know if it is possible to publish 3 ports (8000,3000,3001) of a server connected to a RED50 in standard/split mode.
Currently it is working configuring the RED50 in standard/unified mode, but as all the traffic goes through the UTM Firewall and one of the ports is http, I would like to know if it is possible in standard/split mode?

  • ¡Hola! Ruben and welcome to the UTM Community!

    Yes, but will the remote site be secure enough without the protection of the UTM in Standard/Unified?

    You could just use a Full NAT or Webserver Protection in Standard/Unified.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hello

    I suppose that in standard/unified mode the remote site is more secure.
    Currently it is configured in Full NAT standard/unified, but in case I may need Full NAT in standard/split mode how could it be done?

  • Please insert a picture of the Edit of your current Full NAT, Ruben.

    Cheers - Bob

     
  • Hello

    This is the DNAT rule:

  • That is a DNAT and it's what is used when the server is behind the UTM and traffic arrives at the UTM on its external address.

    If the topology is 'Internet <--> UTM <--> RED <--> Server', you must use a Full NAT like:

         Full NAT : Internet IPv4 -> Services Geopalma -> Movistar (Address) : From Internal (Address) to Servidor Geopalma

    Cheers - Bob

     
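Why the DNAT that works in Standard/Unified is not enough once the RED is in Standard/Split, while the Full NAT suggested above is: an added Python model of the reply path, not part of the thread and not Sophos code. All addresses and the split-network list are constructed, and the model assumes that in Standard/Split only traffic destined for the listed split networks enters the RED tunnel.

```python
import ipaddress

# Constructed documentation-range addresses, not taken from the thread.
CLIENT = "198.51.100.7"              # Internet client
UTM_EXTERNAL = "203.0.113.10"        # plays the role of "Movistar (Address)"
UTM_INTERNAL = "192.168.1.1"         # plays the role of "Internal (Address)"
SERVER = "10.20.0.5"                 # server behind the RED50
SPLIT_NETWORKS = ["192.168.1.0/24"]  # assumed split networks routed into the tunnel


def nat_inbound(src, dst, nat_mode):
    """Rewrite an inbound packet on the UTM; nat_mode is 'dnat' or 'full'."""
    if dst != UTM_EXTERNAL:
        raise ValueError("packet is not addressed to the UTM external address")
    # DNAT changes only the destination; Full NAT also replaces the source.
    new_src = UTM_INTERNAL if nat_mode == "full" else src
    return new_src, SERVER


def reply_path(reply_dst, red_mode):
    """Return 'tunnel' if the RED sends the reply to the UTM, else 'local'."""
    if red_mode == "unified":
        return "tunnel"  # everything from the remote site goes through the UTM
    addr = ipaddress.ip_address(reply_dst)
    in_split = any(addr in ipaddress.ip_network(n) for n in SPLIT_NETWORKS)
    return "tunnel" if in_split else "local"


def connection_works(nat_mode, red_mode):
    """The reply must return through the UTM so the NAT can be reversed."""
    seen_src, _ = nat_inbound(CLIENT, UTM_EXTERNAL, nat_mode)
    return reply_path(seen_src, red_mode) == "tunnel"


if __name__ == "__main__":
    for red_mode in ("unified", "split"):
        for nat_mode in ("dnat", "full"):
            ok = connection_works(nat_mode, red_mode)
            print(f"{red_mode:8} {nat_mode:5} -> {'works' if ok else 'reply leaves via local gateway'}")
```

With the Full NAT the server sees every connection as coming from the UTM's internal address, so client attribution for these ports has to come from the UTM's logs rather than the server's.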