
NAT - Static route

Simple question: on Sophos XG Home, how do you switch off NAT and enable static routes?

I have tried within the firewall rule and primary gateway. I looked through the forum, but none seem to answer the question.



This thread was automatically locked due to age.
  • Hi Mike,

    Static routes are enabled by default when you create one under Configure > Routing > Static Routing.

    There's no global way of disabling NAT services. You would just turn off any Business Application NAT rules that you have created under Protect > Firewall. 

    For SNATs you've created, it would be under your Firewall Rule > NAT & Routing.

    Cheers,
    Karlos

  • Karlos,

    I have no business application firewalls enabled. There is one LAN to WAN firewall rule, NAT Masquerade enabled; the moment I switch to none, it doesn't work despite me having put a static route 0.0.0.0 to default gateway on LAN port 2.

  • Hi Mike,

    What is your end goal? You would like all traffic to be sent out a specific gateway? 

    Masquerading is necessary to allow your LAN traffic to go out to the Internet because it needs a public IP to route out to the Internet. Disabling it will stop all LAN to WAN traffic.

    If you are just trying to specify a specific gateway, leave your Rewrite source address (Masquerading) checkbox enabled and specify the gateway you'd like to use under Primary Gateway.

    Best,
    Karlos

  • Karlos said:

    Hi Mike,

    What is your end goal? You would like all traffic to be sent out a specific gateway? 

    Masquerading is necessary to allow your LAN traffic to go out to the Internet because it needs a public IP to route out to the Internet. Disabling it will stop all LAN to WAN traffic.

    If you are just trying to specify a specific gateway, leave your Rewrite source address (Masquerading) checkbox enabled and specify the gateway you'd like to use under Primary Gateway.

    Best,
    Karlos

     

    Karlos,

    At the moment I double NAT (my ISP will not put into bridge mode, so their device does the NAT). I want all traffic (at the moment 172.16 etc.) to go to the default ISP gateway 192.168.0.254 and out onto the internet. From what I have read, double NAT is not good.

  • Double NATing is not recommended, especially if you have internal servers you need access to from the outside.

    On the XG side, the only configuration you need to set up is Masquerading your LAN to your WAN interface. It is your ISP router's responsibility to NAT traffic out to the Internet from there.

    Best,
    Karlos

  • Karlos,

     

    Thanks for your help. Looking at the live connections, I can see that between the ISP router and the Sophos I am double NAT. I would like to establish the steps I need to stop NAT on the Sophos and only get this happening on the ISP router. I had assumed this was None under Firewall rule and a static route 0.0.0.0 to the ISP default gateway 192.168.0.254; tried this and it did not work.
