V18 SNAT Rule for different Public IPs please help with an example

Hello Community,

I just switched to V18 with a new XG210 and have a problem with an SNAT rule that is not working.

The job is pretty simple:

The XG has 2 WAN interfaces, Port 2 and Port 3.

Port 2 is a slow but stable connection with a fixed public IP.

Port 3 is a fast connection with 100 Mbit WAN, but its WAN IP changes every 24 hours.

With WAN Link Manager I have set the priority to 99 for the fast connection.

There is an internal mail server with example IP 192.168.10.1, and I want to create an SNAT rule so that all outgoing Internet traffic for this server only uses the slow interface, Port 2, with the fixed IP (the MX record is set to this IP).

Can anyone send me an example of such a rule (or rules, if I need more than one)?

Regards

Christian 



  • FormerMember

    Hi  

    Thank you for reaching out to the Community! 

    Navigate to Rules and Policies > NAT rules > Add NAT rule and configure the SNAT rule as per the screenshot below:

    Check out the following video for more info: Sophos XG Firewall (v18): NAT Enhancements.

    Thanks,

  • Hello H_Patel,

    Thanks for your answer, but this doesn't work in my environment.

    If I put the new rule at the top of the NAT rules, it matches instantly and very frequently (more than it should).

    If I put it in the lowest position, it never matches.

    In the top position, no mails go out from the Barracuda (that is the network object that strictly has to use the Port 2 IP).

    In the bottom position, mails go out, but over the wrong interface.

    Here is a screenshot, and you can see that the Port 2 IP is the public IP I want to use ...

    If you look at the DNAT rules, there is of course a wizard-generated rule for bringing the traffic from this WAN interface to the internal server (port 25 only).

    Perhaps I have to modify the DNAT rule?

    Or is the position of your NAT rule important?

  • Hello Community,
    Hello H_Patel,

    I solved the problem with a:

    Routing - SDWAN PBR rule

    ... but is this the right way?

    I created a rule with:
    Source: the IP of the LAN server system (in my case the Barracuda)
    Service: 25
    All other entries were set to "all"

    and under Routing / Primary Gateway I used Port 2 of my XG, which is bound to the slow interface with the fixed IP.

    And that worked ...
