This discussion has been locked.

XGS 2100 Loopback NAT

We are looking to deploy an HA pair of XGS2100 firewalls to our data centre. My issue is I cannot get a loopback NAT to work when I am starting the conversation from the same zone as the destination server is in. If the loopback is to a different zone, all is good.

I have googled this for hours and spent hours on the phone with support to no avail. I do have a support ticket open already, but I am hoping someone might have some additional insight into this.

The firewalls currently have 18.5 MR1 installed.



This thread was automatically locked due to age.
  • FormerMember
    0 FormerMember

    Hi ,

    Thank you for reaching out to the Community! 

    Would it be possible for you to post the screenshot of the loopback rule, matching firewall rule, and DNAT rule from your firewall? 

    Also, please send me your support case number via personal message. 

    Thanks,

  • Loopback NAT

    DNAT Rule

    Firewall Rule

    The Loopback NAT rule is above the DNAT rule in the list. The firewall rule is the first rule in the list. We have tried it with the translated source being MASQ.

    Other information that I forgot to mention: we did a packet capture on the firewall and were only getting incoming packets. At the same time I was doing a packet capture on the end device and was not receiving any packets. It is like the firewall is not forwarding the packets.

  • FormerMember
    0 FormerMember in reply to Robert Reid

    Hi ,

    Thank you for the update and screenshots. 

    Would it be possible for you to change the inbound interface to Any in DNAT rule for testing? 

    Thanks,

  • Okay. I removed the port and set it to Any. It is still not working. The hit count is incrementing on the NAT rule though.
