Hello,
Seeing some, I suppose, unexpected behavior when configuring DNAT on Sophos Firewall (v19).
I am configuring an ingress DNAT from the internet to my Plex server. When configuring a NAT policy, I would expect to define the following:
- Original Source: Any
- Original Destination: Any
- Original Service: Plex Port
- Translated Destination: Plex Server
- Interface Matching:
  - Inbound Interface: WAN
  - Outbound Interface: LAN
However, what I'm seeing instead is that by defining an "Outbound Interface" the NAT does not work and internet ingress to the Plex Port (service) is not open. Changing "Outbound Interface" to Any fixes this and NAT is working as expected and the port is externally exposed. After testing, the following was my only working configuration:
To me this seems a bit "loose" and I would ideally specify explicit ports, hosts, and zones within the Firewall and NAT policy. Any thoughts on what I could be overlooking here?