This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XG 135 with IP over WAN, in a different network than Alias interfaces

I can have on the same WAN interface, an IP 189.10.10.46/255.255.255.192, with gateway 189.10.10.1.
And several IP Alias on the same interface, only on a different network, 189.10.20.16-189.10.20.30/255.255.255.240?

Alias would be for publishing services hosted on the internal network, such as web server, erp application, e-mail server, etc.

Wait and thanks !



This thread was automatically locked due to age.
Parents Reply Children
  • Yes, it lets you configure, this is done in version 17.5.9 MR9, the question is, does it work? If XG will be able to receive and route packages.

  • Ivanildo,

    I will perform a test on my lab and let the community knows.

    Regards

  • I can confirm, it works.

    18:57:13.814608 ifb0, OUT: IP 192.168.1.23.40398 > 20.150.29.228.https: Flags [.], seq 24445:25885, ack 7440, win 365, length 1440
    18:57:13.814633 Port2, OUT: IP 192.168.1.23.40398 > 20.150.29.228.https: Flags [.], seq 24445:25885, ack 7440, win 365, length 1440
    18:57:13.814658 ifb0, OUT: IP 192.168.1.23.40398 > 20.150.29.228.https: Flags [.], seq 25885:27325, ack 7440, win 365, length 1440
    18:57:13.814666 Port2, OUT: IP 192.168.1.23.40398 > 20.150.29.228.https: Flags [.], seq 25885:27325, ack 7440, win 365, length 1440
    18:57:13.814739 ifb0, OUT: IP 192.168.1.23.40398 > 20.150.29.228.https: Flags [.], seq 27325:28765, ack 7440, win 365, length 1440
    18:57:13.814748 Port2, OUT: IP 192.168.1.23.40398 > 20.150.29.228.https: Flags [.], seq 27325:28765, ack 7440, win 365, length 1440

    I applied the proper NAT on v18 and created an ad-hoc firewall rule.

    It works!

  • I tested it here, it worked very well.

     

    Sophos XG supports having an IP of a network on the interface and the Alias on another network, the provider sends the packages to the services published in the Alias and it accepts :)
    Now how the provider does his part, I don't know.

    See the picture of how it turned out.

    Thank you for your support!