Sometimes NAT matters and sometimes it doesn't; I can't quite understand why I need it sometimes

I am not sure if I always need NAT. Sometimes I do and sometimes I don't. My latest issue was two VLAN networks hanging off the LAN interface of the Sophos XG. I had the correct firewall rules in place but I couldn't get traffic to flow until I created a NAT rule with a SNAT MASQ. Both of these networks were on the LAN zone. 

So what's my question? Do I need NAT between two VLAN networks? And if I don't, could there be something else wrong with my config?



  • You normally don't require NAT for internal segments unless they're overlapping, something that happens commonly when connecting through IPSec for example.

    If you're SNATing the traffic, it's using the LAN interface of the firewall which is the gateway and SHOULD work always. When not using NAT, it might be that the devices on the other segment have some intermediate device that's routing the traffic to another place; you could double check that with a traceroute. Anyway, for internal VLAN traffic you shouldn't require NAT unless something is configured wrong in your environment.

    Hope this helps, can't help much without info on the environment.
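The reply above makes two points that are easier to see in a model than in prose: inter-VLAN traffic through a firewall works without NAT only when the reply path also runs through the firewall, and SNAT/MASQ "always works" because the server then answers the firewall's own interface address, so the server's routing table no longer matters. The script below is an added example written for this thread, not code from the original posts or from Sophos; it simulates longest-prefix-match routing over a constructed two-VLAN lab (10.10.0.0/24 and 10.20.0.0/24, addresses made up for the example) and assumes the firewall's rules already permit the traffic, so only the routing side is modelled.

```python
"""Toy routing simulation: why inter-VLAN traffic through a stateful firewall
needs a symmetric return path, and why SNAT/MASQ hides a wrong gateway.

Constructed example; the addresses, node names and routing tables are
illustrative and do not describe any real network."""
import ipaddress
from dataclasses import dataclass


@dataclass
class Node:
    name: str
    ips: set       # addresses this node answers to
    routes: list   # (prefix, next_hop_node_name) or (prefix, "connected")


def lookup(node, dst_ip):
    """Longest-prefix-match over a node's routing table; None = no route."""
    best = None
    for prefix, hop in node.routes:
        net = ipaddress.ip_network(prefix)
        if ipaddress.ip_address(dst_ip) in net and (
                best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return None if best is None else best[1]


def trace(topo, src, dst_ip, max_hops=8):
    """Node names a packet traverses from src towards dst_ip.

    The list ends with the node owning dst_ip, or with 'DROP' when a hop has
    no route (or the hop limit is exceeded), much like a traceroute output."""
    if dst_ip in topo[src].ips:
        return [src]
    path, cur = [src], src
    for _ in range(max_hops):
        hop = lookup(topo[cur], dst_ip)
        if hop is None:
            return path + ["DROP"]
        if hop == "connected":
            owner = next((n.name for n in topo.values() if dst_ip in n.ips), None)
            return path + [owner] if owner else path + ["DROP"]
        path.append(hop)
        cur = hop
    return path + ["DROP"]  # hop limit exceeded: routing loop


def session_ok(topo, client, server, fw="fw", snat_ip=None):
    """True when the firewall sees both the request and the reply.

    snat_ip models SNAT/MASQ to the firewall's interface on the server VLAN:
    the server then replies to snat_ip (on its own subnet) instead of the
    client's address, so its default gateway never comes into play."""
    c_ip = next(iter(topo[client].ips))
    s_ip = next(iter(topo[server].ips))
    forward = trace(topo, client, s_ip)
    reply = trace(topo, server, snat_ip or c_ip)
    return (fw in forward and forward[-1] == server
            and fw in reply and reply[-1] != "DROP")


def build_topology(server_next_hop="fw"):
    """Constructed two-VLAN lab: both VLANs terminate on the firewall 'fw'.

    server_next_hop selects the server's default gateway: 'fw' is the correct
    setup, 'legacy-rtr' simulates an old router still present on VLAN 20."""
    nodes = [
        Node("client", {"10.10.0.50"},
             [("10.10.0.0/24", "connected"), ("0.0.0.0/0", "fw")]),
        Node("fw", {"10.10.0.1", "10.20.0.1"},
             [("10.10.0.0/24", "connected"), ("10.20.0.0/24", "connected")]),
        Node("server", {"10.20.0.80"},
             [("10.20.0.0/24", "connected"), ("0.0.0.0/0", server_next_hop)]),
        Node("legacy-rtr", {"10.20.0.254"},
             [("10.20.0.0/24", "connected"), ("0.0.0.0/0", "upstream")]),
        # ISP side of the legacy router: no route back into private space
        Node("upstream", {"203.0.113.1"}, []),
    ]
    return {n.name: n for n in nodes}


if __name__ == "__main__":
    good, bad = build_topology(), build_topology("legacy-rtr")
    print("correct gateway, no NAT :", session_ok(good, "client", "server"))
    print("wrong gateway,   no NAT :", session_ok(bad, "client", "server"),
          trace(bad, "server", "10.10.0.50"))
    print("wrong gateway, SNAT/MASQ:", session_ok(bad, "client", "server",
                                                 snat_ip="10.20.0.1"))
```

Run as a script it prints the three cases side by side. The second case is the situation the reply describes: the request reaches the server through the firewall, but the server hands its reply to a different device that has no path back, and adding SNAT makes the same session succeed without touching the server. In a real environment the equivalent check is a traceroute from each side, as suggested above; if the first hop from the far segment is not the firewall's interface on that VLAN, the gateway is the problem, not the missing NAT rule.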

  • Thanks - it kind of makes sense and sheds some light. I ran a tracert from a computer on one segment to a computer on another segment and it's one hop to the server - the one hop is the default gateway of the calling computer.

    I am doing some more research to see what is going on.
