
Sophos XG ver 18 MR1, NAT behaviour

Hi to all !!!

I just have a very strange case with a new Sophos XG installation of 18 MR1.

1 public IP address, for example X.X.X.X (alias on the external interface), 1 internal IP address y.y.y.y

- external TCP port 2310 mapped to internal TCP 80

- external TCP port 2311 mapped to internal TCP 443

1 single firewall rule that permits X.X.X.X to be reached on any TCP port (to keep it as simple as possible)

So two NAT rules and 1 firewall rule.

 

Problem:

Second firewall rule (external TCP port 2311 mapped to internal TCP 443) is not applied.

Configuration is very simple.

Just opened a ticket with Sophos support.

 



This is the network dump from the firewall:

     

    XG230_WP02_SFOS 18.0.1 MR-1-Build396# tcpdump -n -i any host X.X.X.X or host Y.Y.Y.y
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes

    14:33:46.373142 Port2, IN: ARP, Request who-has X.X.X.X tell AAA.AAA.AAA.AAA, length 46
    14:33:46.373156 Port2, OUT: ARP, Reply X.X.X.X is-at c8:4f:86:fc:00:02, length 28

    14:33:46.373229 Port2, IN: IP AAA.AAA.AAA.AAA.51293 > X.X.X.X.2310: Flags [S], seq 3751674166, win 29200, options [mss 1460,sackOK,TS val 333211252 ecr 0,nop,wscale 7], length 0
    14:33:46.373480 Port1, OUT: IP AAA.AAA.AAA.AAA.51293 > Y.Y.Y.y.80: Flags [S}, seq 3751674166, win 29200, options [mss 1460,sackOK,TS val 333211252 ecr 0,nop,wscale 7], length 0
    14:33:46.374454 Port1, IN: IP Y.Y.Y.y.80 > AAA.AAA.AAA.AAA.51293: Flags [R.], seq 0, ack 3751674167, win 0, length 0
    14:33:46.374619 Port2, OUT: IP X.X.X.X.2310 > AAA.AAA.AAA.AAA.51293: Flags [R.], seq 0, ack 3751674167, win 0, length 0

    14:33:48.402300 Port2, IN: IP AAA.AAA.AAA.AAA.58092 > X.X.X.X.2311: Flags [S], seq 1583913686, win 29200, options [mss 1460,sackOK,TS val 333211759 ecr 0,nop,wscale 7], length 0
    14:33:49.399317 Port2, IN: IP AAA.AAA.AAA.AAA.58092 > X.X.X.X.2311: Flags [S], seq 1583913686, win 29200, options [mss 1460,sackOK,TS val 333212009 ecr 0,nop,wscale 7], length 0
    14:33:51.403416 Port2, IN: IP AAA.AAA.AAA.AAA.58092 > X.X.X.X.2311: Flags [S], seq 1583913686, win 29200, options [mss 1460,sackOK,TS val 333212510 ecr 0,nop,wscale 7], length 0
