Sophos Firewall

Discussions New SNAT from exiting one SG

Sophos Firewall requires membership for participation - click to join

Thread Info

State Not Answered
Locked Locked
Replies 5 replies
Subscribers 27 subscribers
Views 4089 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

New SNAT from exiting one SG

Edgar_Quintana over 7 years ago

Hi,

I´ve 2 tunnels to AWS and there, some MS Domain Controllers.

My XG cluster must check them to get info about users. With SG I had to configure a SNAT rule (see the photo).

How to do this XG?

Regards

This thread was automatically locked due to age.

0 LuCar Toni over 7 years ago

You can do the SNAT in the IPsec Config.

Just select NAT in IPsec and do a SNAT.

But keep in mind, you have to change the SA.

Basically you do:

SA: SNAT IP - Remote IP

NAT to: Subnet IP

community.sophos.com/.../123356
Cancel
Vote Up 0 Vote Down

Cancel
0 Edgar_Quintana over 7 years ago in reply to LuCar Toni

HI,

Just take a look to the attached image.
Cancel
Vote Up 0 Vote Down

Cancel
0 LuCar Toni over 7 years ago in reply to Edgar_Quintana

Hi,

So?

Basically you need to select a IP in the local subnet, tick the NAT option an put ANY there.

And use the IP on AWS as remote subnet aswell.
Cancel
Vote Up 0 Vote Down

Cancel
0 Edgar_Quintana over 7 years ago in reply to LuCar Toni

Hi ManBearPig,

Could you give me more detailed guidance?

Thanks a lot.
Cancel
Vote Up 0 Vote Down

Cancel
0 LuCar Toni over 7 years ago in reply to Edgar_Quintana

Take a look at XG:

Local Network = SNAT_IP

Remote Network = AWS IP Addresses (Something like 192.168.0.0/24)

Tick NAT

Choose in Dropdown= NAT to ANY or your local Network.

Then go to AWS.

Local Network = AWS IP Addresses

Remote Network = SNAT_IP
Cancel
Vote Up 0 Vote Down

Cancel