Thread Info
  • State Verified Answer
  • +2 person also asked this people also asked this
  • Locked Locked
  • Replies 5 replies
  • Answers 1 answer
  • Subscribers 31 subscribers
  • Views 12057 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Change Destination Port(s) not sticking

jamesharper

I have a DNAT rule on XG v17 MR5 to map incoming connections on port tcp/3380 to an internal server on tcp/3389. It doesn't work though, and when I load up the rule again, "Change Destination Port(s)" is unticked. Ticking it and saving it produces the same result. If I change the destination port, that seems to stick, but without the checkbox ticked it doesn't take effect.

I have two rules with this problem.

I was using v17 MR3 and upgraded to v17 MR5 in case the problem was resolved, but it is still happening.

Any suggestions?

thanks

James



This thread was automatically locked due to age.
  • 0

    You are not alone. Yesterday I've discovered the same behavior. We are also running SFOS 17.0.5 MR5.

    I've opened a ticket, but no answer from Sophos Support so far.

  • +1

    I don't have this issue on my v17 MR5.

    Make sure that the custom "RDP 3381" service you have defined has:

    Source Port: 1:65535

    Destination Port: 3381

     

    I also notice in your description that you want to map incoming connections on port tcp/3380 but the in the screenshot you named the service "RDP 3381". May be you have a typo somewhere.

  • 0 in reply to AhmedMaher

    In v16, we had an option to use a port list to map external to internal port easily

     

    Now we have this insensible service feature and if i add two services, i can't even change the destination ports.

     

    How can I map like

    ext port a > int port b
    ext port c > int port d

    in the same rule?

  • 0 in reply to dja

    I'm seeing this behaviour across a lot of the GUI.

    DHCP timeouts are unticked even though they were ticked when the screen was saved

    MSS override setting shows as unticket even though it was ticked when the screen was saved

    OTOH - MR5 fixed a bunch of other things so i'm not that fussed that they broke something cosmetic. I do wonder about the release QA though. It's almost like there isn't a regression test rig in place.

  • 0 in reply to jamesharper

    After weeks of waiting, I've gotten an answer from Sophos Support regarding DNAT Change Destination Port:

    The behavior is normal. After saving the DNAT rule the checkbox needs to be re-set, if you want to change it again.