Advisory: Support Portal Maintenance. Login is currently unavailable, more info available here.

RED configuration for PCI DSS compliance v18 DNAT

I have an XG135 running (SFOS 18.0.1 MR-1-Build396) and I am currently failing Security Metrics PCI scan for the following:

I am trying to follow the KB Sophos has provided but in v18 DNAT and Firewalls are separated, and I can't seem to get everything set properly to pass this scan.

My Firewall rules:

NO NAT/ DNAT Rules:

Blackhole Route:

I cannot figure out how to pass this scan without getting traffic to follow these rules. So far nothing has "hit them".

Top Replies