This discussion has been locked.

PPPOE with Framed route

Hi 

PPPoE is done on the XG and the ISP provides 10.222.250.5/32.

We have a 213.150.X.X/29 from the ISP routed via 10.222.250.5.

LAN has internet, DNAT works and PAT works; that's all good.

How do I register the Sophos and add licenses, given that the firewall itself is not NAT'ing and its traffic goes out as 10.222.250.5?



  • Hi: If you would like to NAT the firewall-generated traffic with another public IP rather than the interface IP, then please try applying the system-generated NAT and confirm how it goes. It should work.

    Sophos Firewall: NAT the generated traffic

    support.sophos.com/.../KB-000035607

  • Hi Vishal_R

    I will try this, but in the CLI command "set advanced-firewall sys-traffic-nat add destination <destination IP address> snatip <SNAT IP address>", do I set the destination IP as 0.0.0.0/0?

    E.g. set advanced-firewall sys-traffic-nat add destination 0.0.0.0/0 snatip 1.1.1.1

  • Hi: For testing, try it for 1 or 2 IPs like 8.8.8.8 to see that the ping to such an IP works fine and that, when the request is forwarded out, it takes the correct NAT IP as per your requirement. If that is successful, then you may put 0.0.0.0 as well, but with the interface condition, so that the system NAT is applied only when traffic goes out via that interface. If you have multiple ISPs, then the interface-based command will be the more appropriate option, as per the example below.

    Example:

    console> set advanced-firewall sys-traffic-nat add destination 8.8.8.8 interface PortX snatip x.x.x.x
