
NAT Rule 0

Hi all

I have a requirement to split NATing between different users in my office. I managed to configure this successfully, but after going live some PCs have access to the internet while some do not. In the Log Viewer, the ones that do not have internet access have their traffic logged as allowed but processed by NAT rule 0. I'm certain this is what is causing the issues. Can anyone help on how to resolve this?



  • Hi,

    The answer is very simple: the ones that don't do not meet any of the firewall rule requirements. I don't understand why you are doing this through NAT rules rather than firewall rules with user selection policies?

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • I cannot use user selection policies as two specific departments have to use a different ISP from the other departments. So on the initial NAT the source was ALL. On the new NAT rules the sources are the respective subnets, achieved by using the host feature. The firewall rules remain the same, as the only things that change are the source parameter and the outbound interface on the NAT rules.

  • Hi,

    Well, some of your NAT rules are not being met. I suggest you review the SD-WAN and see if that might help. You might also try using the user selection process and create separate rules for each department; further, you could also investigate linked rules.

    Though ultimately you will need to refine your firewall rules for improved management.

    Ian

  • Hi, this is a screenshot from the Log Viewer: the traffic goes through firewall rule #22 and is allowed but then gets NAT 0. A different PC with the same network settings goes through firewall rule #22 but gets the correct NAT rule and gets internet. I really just don't understand this. Some PCs work, some don't. When I revert to my old NAT settings, traffic goes through firewall rule #22 and all the PCs get internet.

  • Hi,

    Please check the IP range of the failing devices.

    Ian

  • So the two departments have two different subnets, both /24s. I have created hosts to cater for these subnets and then have these hosts as the source of the NAT rules. I hope I have responded accurately to your comment.

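To make the "NAT rule 0" observation above concrete, here is an added example that is not part of this thread or of Sophos' own code: a small Python simulation of first-match NAT lookup. It assumes, as Ian's reply states, that NAT rule 0 in the Log Viewer means no NAT rule matched the flow and therefore no source translation was applied. The rule IDs, department subnets, interface names (PortB/PortC), translated addresses and the key=value log lines are all constructed for illustration; real Sophos Firewall log exports use their own field names, so the parser would need adapting.

```python
"""Added example (not from the thread): simulate first-match NAT lookup to
see which flows fall through to "NAT rule 0" and why.  All rule IDs,
subnets, interface names and log lines below are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class NatRule:
    rule_id: int      # rule ID as a log viewer would report it
    source: str       # source network of the rule (the host object), in CIDR
    out_iface: str    # outbound-interface criterion; "Any" means unrestricted
    snat_to: str      # what the source is translated to (illustrative only)


def match_nat(rules: List[NatRule], src_ip: str, out_iface: str) -> int:
    """First-match NAT lookup: return the ID of the first rule whose source
    network contains src_ip AND whose outbound-interface criterion matches the
    interface the packet was actually routed out of.  Return 0 when nothing
    matches, i.e. no translation is applied."""
    ip = ipaddress.ip_address(src_ip)
    for rule in rules:
        in_source = ip in ipaddress.ip_network(rule.source, strict=False)
        iface_ok = rule.out_iface in ("Any", out_iface)
        if in_source and iface_ok:
            return rule.rule_id
    return 0


def explain_miss(rules: List[NatRule], src_ip: str, out_iface: str) -> str:
    """Say why a flow fell through to rule 0: either no rule's source network
    covers the address, or one does but the packet left through an interface
    the rule does not allow (a routing / SD-WAN mismatch)."""
    ip = ipaddress.ip_address(src_ip)
    covering = [r for r in rules
                if ip in ipaddress.ip_network(r.source, strict=False)]
    if not covering:
        return "no NAT rule source network contains this address"
    ids = ", ".join(str(r.rule_id) for r in covering)
    wanted = ", ".join(r.out_iface for r in covering)
    return (f"rule(s) {ids} cover the source but require out_iface {wanted}; "
            f"packet left {out_iface}")


def parse_log(text: str) -> List[Tuple[str, str]]:
    """Parse the constructed key=value export into (src_ip, out_iface) pairs."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = dict(kv.split("=", 1) for kv in line.split())
        events.append((fields["src_ip"], fields["out_iface"]))
    return events


def find_rule0_flows(rules: List[NatRule], log_text: str):
    """Return (src_ip, out_iface, reason) for every flow that hit NAT rule 0."""
    return [(ip, iface, explain_miss(rules, ip, iface))
            for ip, iface in parse_log(log_text)
            if match_nat(rules, ip, iface) == 0]


# Hypothetical NAT tables.  OLD_RULES mirrors the original "source = ALL"
# catch-all; NEW_RULES mirrors the split, with each department's /24 pinned
# to its ISP-facing interface.
OLD_RULES = [NatRule(1, "0.0.0.0/0", "Any", "MASQ")]
NEW_RULES = [
    NatRule(1, "10.10.1.0/24", "PortB", "203.0.113.10"),   # department A -> ISP A
    NatRule(2, "10.10.2.0/24", "PortC", "198.51.100.10"),  # department B -> ISP B
]

# Constructed log export: the source address and the interface the packet
# was actually routed out of.  Two of the four flows will hit rule 0.
SAMPLE_LOG = """\
src_ip=10.10.1.25 out_iface=PortB fw_rule=22
src_ip=10.10.2.40 out_iface=PortC fw_rule=22
src_ip=10.10.3.7 out_iface=PortB fw_rule=22
src_ip=10.10.2.41 out_iface=PortB fw_rule=22
"""

if __name__ == "__main__":
    for ip, iface, why in find_rule0_flows(NEW_RULES, SAMPLE_LOG):
        print(f"{ip} via {iface}: NAT rule 0 ({why})")
    print("rule-0 flows under the old catch-all rule:",
          find_rule0_flows(OLD_RULES, SAMPLE_LOG))
```

Two distinct failure modes show up in the sample: a host whose address is outside both /24 host objects (10.10.3.7) matches no rule at all, while a host inside department B's subnet (10.10.2.41) is covered by rule 2 but was routed out PortB, so the outbound-interface criterion fails and the flow still lands on rule 0. Under the old catch-all rule every flow matches, which is the behaviour described when the original NAT settings are restored. On a real firewall the equivalent check is to compare each failing device's address against the host objects and the interface its packets actually leave on, not just the firewall rule it hits.
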
  • Hello David,

    Thank you for contacting the Sophos Community.

    Adding to what rfcat mentioned, please add a screenshot of your NAT rules, that shows the translation settings and the interface matching criteria.

    Regards,

    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
  • [Screenshots: Initial NAT rule; NAT rule to use ISP A; NAT rule to use ISP B]

    Hi Emmanuel, please find the screenshots attached. The first one is my initial NAT. The last two are the NATs after splitting the departments to use different ISPs.
