Hoping you can help because I cannot beat my brain on my desk anymore on this one.
Our setup: We have 2 SDWAN devices on the edge set up in HA mode. They connect to our Sophos XG 310s. The SDWAN devices have a NAT rule that states: If a packet comes from X.X.X.X then go to 172.1.X.X, which is the masqued IP address listed in the Sophos.
However, one of our vendors HAS to be able to bypass the proxy and go directly into a specific computer.
Based on the link below,
https://support.sophos.com/support/s/article/KB-000037190?language=en_US, I have set up the following:
Network rule:
Source: LAN
Source Device: IP address of computer in question
Destination Zone: WAN
Destination network: Group of static IPs that the vendor has confirmed.
Services: HTTP and HTTPS
Deselected:
Scan HTTP
Decrypt and Scan HTTPS
However, I'm not sure what to set on the NAT and routing option:
Do I deselect the "Rewrite source address" and if I do, does that drop the internet connection for this computer? (And, my biggest fear, our whole internet connection?)
If I do deselect the rewrite option, and select our public IP address, does that work or does that open that particular computer up to the potential of being compromised because of the bypass?
Thanks in advance.