Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 27 subscribers
  • Views 1273 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

HOW TO SECURE PORT FORWARDING IN SOPHOS XG FIREWALL

Fiifi Ansong

I have a cyberoam that I have recently updated the software and firmware to Sophos XG Firewall. I then configured port forwarding and recently got attacked by hackers. The server that was attacked was port forward to allow clients to access SQL Server for replication. These clients use modems to access internet so it's not possible to give them fix IP addresses as their IPs are dynamically provided by the ISP.

I use to use Sophos VPN profiles installed on the clients and later migrated to windows VPN which were far, far too slow compared to the port forwarding before the attack.

My Problem

  1. Is there a work around to provide a fix IP address for the clients to enable me to whitelist these IPs in the Sophos Firewall?
  2. How do i white list IPs in SOPHOS?

Note: I'm a novice in Networking :)

Added:

3. I wish to use the port forwarding while securing my server at the same time. Please help urgently needed.

Thank you all in advance.



This thread was automatically locked due to age.
Parents
  • FormerMember
    0 FormerMember

    Hi ,

    Thank you for reaching out to the Community! 

    You should configure the IPS policy with the DNAT rule to protect your internal servers from such attacks. There are pre-configured IPS policies that you can configure, for example, WAN to LAN IPS policy.

     It is possible to assign a static IP address to the internal clients if you have a DHCP server configured on the firewall. 

    Could you please provide some more detail on whitelisting the IP addresses from the firewall? Are you trying to whitelist them from the Web Proxy or any other module? For inbound traffic or outbound traffic? 

    Thanks,

Reply
  • FormerMember
    0 FormerMember

    Hi ,

    Thank you for reaching out to the Community! 

    You should configure the IPS policy with the DNAT rule to protect your internal servers from such attacks. There are pre-configured IPS policies that you can configure, for example, WAN to LAN IPS policy.

     It is possible to assign a static IP address to the internal clients if you have a DHCP server configured on the firewall. 

    Could you please provide some more detail on whitelisting the IP addresses from the firewall? Are you trying to whitelist them from the Web Proxy or any other module? For inbound traffic or outbound traffic? 

    Thanks,

Children
No Data