DNAT IPv6 or just Firewall

Hi,

I've got a /56 IPv6 range from my provider and implemented that range in my local network.

First I had to configure SNAT on the firewall for IPv6 so I could access the internet over IPv6; that's working fine now.

But I have problems accessing internal websites from the outside to the inside. First I just installed a firewall rule to access IPv6 on the inside: simple WAN, ANY, LAN, IPv6 on the inside.

That does not work; I can trace the internal IPv6 to my connection, but then it stops.

Then I tried the DNAT wizard, also no success.

What to do? Any help would be nice.

Bart van der Horst



  • Hello Bart,

    Thank you for contacting the Sophos Community.

    You would need a DNAT rule if you want traffic from the exterior to access your internal resources.

    I would start the troubleshooting by seeing how far the packet makes it, meaning whether the XG sees the packet arriving, whether the rule is being processed, and whether the packet leaves the interface where the endpoint is located.

    For the first and second points, you could use the GUI Packet Capture.

    For the third point, you would need to SSH into the XG, run tcpdump on the interface where the packet should be sent by the firewall, and see whether it leaves the firewall. If it does, then check for the traffic coming back on the same interface. This should give you an idea of where to troubleshoot: whether it is the XG side, or maybe your endpoint that is not replying to the packets.

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
  • I will take a look at your suggestions.

    Bart van der Horst


    Sophos XG v18(.5) / v19 Certified Architect
    https://www.bpaz.nl
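
The third check suggested in the reply above (does the packet leave the firewall, and does anything come back on the same interface) can be read off a text capture mechanically. This is an added example, not part of the original thread: the addresses, port and sample capture lines are constructed, the interface name in the comment is a placeholder, and it assumes the capture shows the server's own address as the destination (the address after any DNAT translation).

```python
import ipaddress
import re

# Capture on the firewall interface facing the server, for example:
#   tcpdump -ni <lan-interface> 'ip6 and host 2001:db8:0:10::80 and tcp port 443'
# One TCP line of that text output looks like:
#   10:15:01.100000 IP6 2001:db8:ffff::50.51514 > 2001:db8:0:10::80.443: Flags [S], seq ...
LINE = re.compile(
    r"IP6 (?P<src>[0-9a-fA-F:]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[0-9a-fA-F:]+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

def diagnose(capture_text, server, port):
    """Classify a capture taken on the firewall interface that faces the server."""
    server = ipaddress.IPv6Address(server)
    syn_sent, answered = set(), set()   # keyed by (client address, client port)
    for line in capture_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # skip non-TCP lines such as ICMP6 neighbour discovery
        src = ipaddress.IPv6Address(m["src"])
        dst = ipaddress.IPv6Address(m["dst"])
        if dst == server and int(m["dport"]) == port and m["flags"] == "S":
            syn_sent.add((src, m["sport"]))
        elif src == server and int(m["sport"]) == port:
            answered.add((dst, m["dport"]))
    if not syn_sent:
        return "not-forwarded"   # nothing left the firewall: look at rule, NAT, routing
    if syn_sent & answered:
        return "replied"         # server answers: follow the reply back out through the firewall
    return "no-reply"            # firewall forwards, endpoint stays silent: check the host

# Constructed sample captures (documentation prefix 2001:db8::/32, not real traffic).
SERVER, PORT = "2001:db8:0:10::80", 443
SILENT_HOST = """\
10:15:01.100000 IP6 2001:db8:ffff::50.51514 > 2001:db8:0:10::80.443: Flags [S], seq 1000, win 64240, length 0
10:15:02.110000 IP6 2001:db8:ffff::50.51514 > 2001:db8:0:10::80.443: Flags [S], seq 1000, win 64240, length 0
"""
ANSWERING_HOST = SILENT_HOST + """\
10:15:02.110400 IP6 2001:db8:0:10::80.443 > 2001:db8:ffff::50.51514: Flags [S.], seq 7000, ack 1001, win 65160, length 0
"""

if __name__ == "__main__":
    for name, text in [("silent", SILENT_HOST), ("answering", ANSWERING_HOST), ("empty", "")]:
        print(name, "->", diagnose(text, SERVER, PORT))
```

A "no-reply" result with repeated SYNs points at the endpoint (host firewall, missing IPv6 default route, service not listening on IPv6) rather than at the XG.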
