
XG210 v.18 SSH FROM LAN TO DMZ

I have a Sophos XG firewall set up with LAN, DMZ and WAN interfaces. I am running a server in the DMZ and want to administer that server with SSH from my LAN.

I have created a rule with these parameters:

SOURCE: LAN

SOURCE NETWORK: CLIENT PC FROM LAN

DESTINATION: DMZ

DESTINATION NETWORKS: I have tried #Port1 (LAN) and #port3 (DMZ)

I can't connect.

Should I create a reverse rule too and/or a NAT rule as well?

Thanks



  • Hello,

    You can't use #Port1 or #Port3 as you said, those are the Firewall interfaces and not the actual Zones.

    Instead you should create a Rule as below:

    • Source Zone: LAN
    • Source Network: The IP of your computer.
    • Destination Zone: DMZ
    • Destination Network: Here, if you want to communicate with the entire DMZ, you can leave it as "Any"; or if you want to communicate with only a certain server, you can use only that server's IP.
    • Services: Here you should select only "SSH".

    Depending on the Scenario, you shouldn't need to create a NAT Rule.

    Thanks!

  • Thanks, but it doesn't work. It looks pretty simple, but it doesn't work.

    LAN is on 172.17.X.X  #port1

    DMZ on 172.19.X.X #port3

    But can't connect

  • Hello Oscar,

    Thank you for contacting the Sophos Community.

    Please share a screenshot of your current Firewall. 

    And as Prism mentioned, don't use the Interface # as the Destination Network, rather use the Network/IP/Any.

    Regards,
