
17.1.1 MR-1 Broke all of my inbound rules

Upgraded from 17.0.8 MR-8 to 17.1.1 MR-1 this morning and ALL of my inbound Business Application Rules stopped working. Opened a ticket and after some troubleshooting found that all traffic was being denied by the implicit deny rule as if all of the other rules didn't exist. Editing each of the rules and re-saving them resolved the issue for now.

The support engineer explained that I had all of my DNAT rules set up incorrectly. Instead of creating an object for the Public IP and using that as the destination object for the DNAT rule, he stated that I should have created an alias on my WAN interface for each IP that I am NATing and use the alias object as the destination in the DNAT rule.

Could this possibly be correct? My thought was if Sophos wanted it set up that way then a) it would be documented somewhere and b) they shouldn't allow you to create an IP object and use it as a destination for a DNAT rule.

What are others' opinions/experiences on this?

 

Thanks!



  • I faced the same issue while upgrading from 16.5 MR8 to the 17.0 GA version. I had to save each WAN to LAN policy once again. I didn't escalate this to support since it was quite weird lol.

    We don't use an alias IP for the destination address in DNAT. It should work with the public IP. We use an alias IP only for the outbound address. Support engineer is wrong.
